CVE-2020-3261

Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

Una vulnerabilidad en la interfaz de administración basada en web del Software Cisco Mobility Express podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) sobre un sistema afectado. La vulnerabilidad es debido a insuficientes protecciones de CSRF para la interfaz de administración basada en web sobre un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario con una sesión activa en un dispositivo afectado para que siga un enlace malicioso. Una explotación con éxito podría permitir a un atacante llevar a cabo acciones arbitrarias, incluyendo la modificación de la configuración, con el nivel de privilegio del usuario.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2019-12-12 CVE Reserved
2020-04-15 CVE Published
2023-04-19 EPSS Updated
2024-11-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24	2020-04-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Aironet 1542i Firmware Search vendor "Cisco" for product "Aironet 1542i Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1542i Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1542i Search vendor "Cisco" for product "Aironet 1542i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1542i Firmware Search vendor "Cisco" for product "Aironet 1542i Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1542i Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1542i Search vendor "Cisco" for product "Aironet 1542i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1542d Firmware Search vendor "Cisco" for product "Aironet 1542d Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1542d Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1542d Search vendor "Cisco" for product "Aironet 1542d"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1542d Firmware Search vendor "Cisco" for product "Aironet 1542d Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1542d Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1542d Search vendor "Cisco" for product "Aironet 1542d"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562i Firmware Search vendor "Cisco" for product "Aironet 1562i Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1562i Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562i Search vendor "Cisco" for product "Aironet 1562i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562i Firmware Search vendor "Cisco" for product "Aironet 1562i Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1562i Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562i Search vendor "Cisco" for product "Aironet 1562i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562e Firmware Search vendor "Cisco" for product "Aironet 1562e Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1562e Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562e Search vendor "Cisco" for product "Aironet 1562e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562e Firmware Search vendor "Cisco" for product "Aironet 1562e Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1562e Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562e Search vendor "Cisco" for product "Aironet 1562e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562d Firmware Search vendor "Cisco" for product "Aironet 1562d Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1562d Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562d Search vendor "Cisco" for product "Aironet 1562d"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1562d Firmware Search vendor "Cisco" for product "Aironet 1562d Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1562d Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1562d Search vendor "Cisco" for product "Aironet 1562d"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1815 Firmware Search vendor "Cisco" for product "Aironet 1815 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1815 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1815 Search vendor "Cisco" for product "Aironet 1815"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1815 Firmware Search vendor "Cisco" for product "Aironet 1815 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1815 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1815 Search vendor "Cisco" for product "Aironet 1815"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1830 Firmware Search vendor "Cisco" for product "Aironet 1830 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1830 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1830 Search vendor "Cisco" for product "Aironet 1830"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1830 Firmware Search vendor "Cisco" for product "Aironet 1830 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1830 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1830 Search vendor "Cisco" for product "Aironet 1830"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1840 Firmware Search vendor "Cisco" for product "Aironet 1840 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1840 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1840 Search vendor "Cisco" for product "Aironet 1840"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1840 Firmware Search vendor "Cisco" for product "Aironet 1840 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1840 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1840 Search vendor "Cisco" for product "Aironet 1840"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1850 Firmware Search vendor "Cisco" for product "Aironet 1850 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 1850 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1850 Search vendor "Cisco" for product "Aironet 1850"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 1850 Firmware Search vendor "Cisco" for product "Aironet 1850 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 1850 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 1850 Search vendor "Cisco" for product "Aironet 1850"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 2800i Firmware Search vendor "Cisco" for product "Aironet 2800i Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 2800i Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800i Search vendor "Cisco" for product "Aironet 2800i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 2800i Firmware Search vendor "Cisco" for product "Aironet 2800i Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 2800i Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800i Search vendor "Cisco" for product "Aironet 2800i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 2800e Firmware Search vendor "Cisco" for product "Aironet 2800e Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 2800e Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800e Search vendor "Cisco" for product "Aironet 2800e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 2800e Firmware Search vendor "Cisco" for product "Aironet 2800e Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 2800e Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 2800e Search vendor "Cisco" for product "Aironet 2800e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800i Firmware Search vendor "Cisco" for product "Aironet 3800i Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 3800i Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800i Search vendor "Cisco" for product "Aironet 3800i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800i Firmware Search vendor "Cisco" for product "Aironet 3800i Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 3800i Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800i Search vendor "Cisco" for product "Aironet 3800i"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800e Firmware Search vendor "Cisco" for product "Aironet 3800e Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 3800e Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800e Search vendor "Cisco" for product "Aironet 3800e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800e Firmware Search vendor "Cisco" for product "Aironet 3800e Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 3800e Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800e Search vendor "Cisco" for product "Aironet 3800e"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800p Firmware Search vendor "Cisco" for product "Aironet 3800p Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 3800p Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800p Search vendor "Cisco" for product "Aironet 3800p"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 3800p Firmware Search vendor "Cisco" for product "Aironet 3800p Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 3800p Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 3800p Search vendor "Cisco" for product "Aironet 3800p"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 4800 Firmware Search vendor "Cisco" for product "Aironet 4800 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Aironet 4800 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 4800 Search vendor "Cisco" for product "Aironet 4800"	-	-	Safe
Cisco Search vendor "Cisco"	Aironet 4800 Firmware Search vendor "Cisco" for product "Aironet 4800 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Aironet 4800 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Aironet 4800 Search vendor "Cisco" for product "Aironet 4800"	-	-	Safe
Cisco Search vendor "Cisco"	Catalyst Iw6300 Firmware Search vendor "Cisco" for product "Catalyst Iw6300 Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "Catalyst Iw6300 Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Iw6300 Search vendor "Cisco" for product "Catalyst Iw6300"	-	-	Safe
Cisco Search vendor "Cisco"	Catalyst Iw6300 Firmware Search vendor "Cisco" for product "Catalyst Iw6300 Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "Catalyst Iw6300 Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	Catalyst Iw6300 Search vendor "Cisco" for product "Catalyst Iw6300"	-	-	Safe
Cisco Search vendor "Cisco"	6300 Series Access Points Firmware Search vendor "Cisco" for product "6300 Series Access Points Firmware"	>= 8.0 < 8.8.130.0 Search vendor "Cisco" for product "6300 Series Access Points Firmware" and version " >= 8.0 < 8.8.130.0"	-	Affected	in	Cisco Search vendor "Cisco"	6300 Series Access Points Search vendor "Cisco" for product "6300 Series Access Points"	-	-	Safe
Cisco Search vendor "Cisco"	6300 Series Access Points Firmware Search vendor "Cisco" for product "6300 Series Access Points Firmware"	8.10\(1.255\) Search vendor "Cisco" for product "6300 Series Access Points Firmware" and version "8.10\(1.255\)"	-	Affected	in	Cisco Search vendor "Cisco"	6300 Series Access Points Search vendor "Cisco" for product "6300 Series Access Points"	-	-	Safe