CVE-2023-38579

Summary

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.

Affected Software

VendorProductVersion RangeStatus
WestermoLynxL206-F2G1affected
WestermoLynx4.24affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery

Workarounds

Westermo recommends following best practices for hardening, such as restricting access, disable unused services (attack surface reduction), etc., to mitigate the reported vulnerabilities.  The reported cross site request forgery vulnerability was patched in a later WeOS4 version.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References