CVE-2020-13259: CSRF
First published: Wed Sep 16 2020(Updated: )
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rad Secflow-1v Firmware | =os-image_sf_0290_2.3.01.26 | |
| RAD SecFlow-1v |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13259?
CVE-2020-13259 is a vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 that allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.
How severe is CVE-2020-13259?
CVE-2020-13259 has a severity rating of 8.8 (critical).
Which software versions are affected by CVE-2020-13259?
The RAD SecFlow-1v os-image SF_0290_2.3.01.26 firmware version is affected by CVE-2020-13259.
How can an attacker exploit CVE-2020-13259?
An unauthenticated, remote attacker can exploit CVE-2020-13259 by conducting a cross-site request forgery (CSRF) attack on the web-based management interface.
Are there any known exploits for CVE-2020-13259?
Yes, there are known exploits for CVE-2020-13259. More information can be found at the provided references.
- collector/nvd-index
- vendor/rad
- canonical/rad secflow-1v firmware
- version/rad secflow-1v firmware/os-image_sf_0290_2.3.01.26
- canonical/rad secflow-1v