CSRF Vulnerability in Cisco Small Business 220 Devices
CVE-2016-1470

8.8HIGH

Key Information:

Vendor
Cisco
Status
Small Business 220 Series Smart Plus Switches
Vendor
CVE Published:
2 September 2016

Summary

A Cross-site Request Forgery (CSRF) vulnerability exists in the web-based management interface of Cisco Small Business 220 devices. This flaw allows remote attackers to leverage their access to hijack the authentication of arbitrary users. Devices running firmware versions prior to 1.0.1.1 are susceptible to this attack, potentially compromising the integrity of user sessions and leading to unauthorized configuration changes. Security measures are recommended to protect against this exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1036722
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92709
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.