Details of VAR-201908-2207

ID

VAR-201908-2207

TITLE

Cisco Catalyst 3850 Series Device Manager Cross-Site Request Forgery

Trust: 0.6

sources: CNVD: CNVD-2019-25998

DESCRIPTION

The Cisco Catalyst 3850 Series are different sets of switch devices from Cisco. Cisco Catalyst 3850 Series Device Manager cross-site request forgery, which can be exploited by an attacker to take advantage of administrative privileges when a logged-in user visits a malicious website.

Trust: 0.6

sources: CNVD: CNVD-2019-25998

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-25998

AFFECTED PRODUCTS

vendor:

cisco

model:

catalyst series device manager 3.6.10e

scope:

version:

3850

Trust: 0.6

sources: CNVD: CNVD-2019-25998

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-25998
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2019-25998
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-25998

EXTERNAL IDS

db:	EXPLOITALERT	id:	33640	Trust: 0.6
db:	CNVD	id:	CNVD-2019-25998	Trust: 0.6

sources: CNVD: CNVD-2019-25998

REFERENCES

url:

https://www.exploitalert.com/view-details.html?id=33640

Trust: 0.6

sources: CNVD: CNVD-2019-25998

SOURCES

db:

CNVD

id:

CNVD-2019-25998

LAST UPDATE DATE

2022-05-17T01:45:07.199000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-25998

date:

2019-08-06T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-25998

date:

2019-08-06T00:00:00