CVE-2023-38579

2024-02-0622:16:12

CWE-352

[email protected]

web.nvd.nist.gov

cross-site request forgery

predictable token

unintentional action

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.

Affected configurations

Nvd

Node

westermol206-f2g_firmwareMatch4.24

AND

westermol206-f2gMatch-

VendorProductVersionCPE
westermol206-f2g_firmware4.24cpe:2.3:o:westermo:l206-f2g_firmware:4.24:*:*:*:*:*:*:*
westermol206-f2g-cpe:2.3:h:westermo:l206-f2g:-:*:*:*:*:*:*:*