Vulnerability Details CVE-2016-1470
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps
- http://www.securityfocus.com/bid/92709
- http://www.securitytracker.com/id/1036722
- http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_csrf.pdf
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps
- http://www.securityfocus.com/bid/92709
- http://www.securitytracker.com/id/1036722
- http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_csrf.pdf
Products affected by CVE-2016-1470
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.17
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.18
-
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.19