CVE-2023-38579
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Westermo | Lynx | L206-F2G1 | affected |
| Westermo | Lynx | 4.24 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery
Workarounds
Westermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities. The reported cross site request forgery vulnerability was patched in a later WeOS4 version.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.