HIGH🇬🇧 English

CVE-2023-38579

CVSS 8.0v3.1pub. 2024-02-06upd. 2024-11-21

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Westermo L206 F2g

    HW
    Westermo
    wszystkie wersje
  • Westermo L206 F2g Firmware

    OS
    Westermo
    4.24
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-45735HIGH8.0ten sam produkt

A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that c...

CVE-2023-40544MEDIUM5.7ten sam produkt

An attacker with access to the network where the affected devices are located could maliciously act...

CVE-2023-42765MEDIUM5.4ten sam produkt

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting ...

CVE-2023-40143MEDIUM5.4ten sam produkt

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce...

CVE-2023-45222MEDIUM5.4ten sam produkt

An attacker with access to the web application that has the vulnerable software could introduce arbitrary J...