CVE-2023-38579
Westermo Lynx 206-F2G Cross-Site Request Forgery
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.
El token de cross-site request forgery en la solicitud puede ser predecible o fácilmente adivinable, lo que permite a los atacantes crear una solicitud maliciosa, que podría ser activada por una víctima sin saberlo. En un ataque CSRF exitoso, el atacante podría llevar al usuario víctima a realizar una acción sin querer.
*Credits:
Aarón Flecha Menéndez, Iván Alonso Álvarez and Víctor Bello Cuevas reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-12 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westermo Search vendor "Westermo" | L206-f2g Firmware Search vendor "Westermo" for product "L206-f2g Firmware" | 4.24 Search vendor "Westermo" for product "L206-f2g Firmware" and version "4.24" | - |
Affected
| in | Westermo Search vendor "Westermo" | L206-f2g Search vendor "Westermo" for product "L206-f2g" | - | - |
Safe
|