ID

VAR-202009-0228


CVE

CVE-2020-13259


TITLE

RAD SecFlow-1v Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011234

DESCRIPTION

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260. RAD SecFlow-1v contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-13259 // JVNDB: JVNDB-2020-011234 // VULMON: CVE-2020-13259

AFFECTED PRODUCTS

vendor: rad, model: secflow-1v, scope: eq, version: os-image_sf_0290_2.3.01.26

Trust: 1.0

vendor: rad, model: secflow-1v, scope: eq, version: -

Trust: 0.8

vendor: rad, model: secflow-1v, scope: eq, version: secflow-1v firmware os-image sf_0290_2.3.01.26

Trust: 0.8

sources: JVNDB: JVNDB-2020-011234 // NVD: CVE-2020-13259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13259
value: HIGH

Trust: 1.0

NVD: CVE-2020-13259
value: HIGH

Trust: 0.8

VULMON: CVE-2020-13259
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-13259
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-13259
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-13259
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-13259 // JVNDB: JVNDB-2020-011234 // NVD: CVE-2020-13259

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.0

problemtype: Cross-site request forgery (CWE-352) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011234 // NVD: CVE-2020-13259

PATCH

title: SecFlow-1v, url: https://www.rad.com/products/secflow-1v-IIoT-Gateway

Trust: 0.8

title: CVE-2020-13259, url: https://github.com/UrielYochpaz/CVE-2020-13259

Trust: 0.1

title: -, url: https://github.com/soosmile/POC

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC, url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-13259 // JVNDB: JVNDB-2020-011234

EXTERNAL IDS

db: EXPLOIT-DB, id: 48809

Trust: 1.9

db: NVD, id: CVE-2020-13259

Trust: 1.9

db: CXSECURITY, id: WLB-2020090064

Trust: 1.1

db: JVNDB, id: JVNDB-2020-011234

Trust: 0.8

db: VULMON, id: CVE-2020-13259

Trust: 0.1

sources: VULMON: CVE-2020-13259 // JVNDB: JVNDB-2020-011234 // NVD: CVE-2020-13259

REFERENCES

url:https://www.exploit-db.com/exploits/48809

Trust: 1.9

url:https://cxsecurity.com/issue/wlb-2020090064

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13259

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/urielyochpaz/cve-2020-13259

Trust: 0.1

sources: VULMON: CVE-2020-13259 // JVNDB: JVNDB-2020-011234 // NVD: CVE-2020-13259

SOURCES

db: VULMON, id: CVE-2020-13259
db: JVNDB, id: JVNDB-2020-011234
db: NVD, id: CVE-2020-13259

LAST UPDATE DATE

2024-11-23T21:35:20.616000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-13259, date: 2020-09-22T00:00:00
db: JVNDB, id: JVNDB-2020-011234, date: 2021-03-24T06:57:00
db: NVD, id: CVE-2020-13259, date: 2024-11-21T05:00:53.650

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-13259, date: 2020-09-16T00:00:00
db: JVNDB, id: JVNDB-2020-011234, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2020-13259, date: 2020-09-16T19:15:13.273