First published: Wed Sep 16 2020
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rad Secflow-1v Firmware | =os-image_sf_0290_2.3.01.26 | |
RAD SecFlow-1v | | |
CVE-2020-13259 is a vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 that allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.
CVE-2020-13259 has a severity rating of 8.8 (critical).
The RAD SecFlow-1v os-image SF_0290_2.3.01.26 firmware version is affected by CVE-2020-13259.
An unauthenticated, remote attacker can exploit CVE-2020-13259 by conducting a cross-site request forgery (CSRF) attack on the web-based management interface.
Yes, there are known exploits for CVE-2020-13259. More information can be found at the provided references.