CVE-2017-6036 - A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, V

CVE-2017-6036

Summary

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Vulnerable Configurations

cpe:2.3:o:belden_hirschmann:gecko_lite_managed_switch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:belden_hirschmann:gecko_lite_managed_switch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden_hirschmann:gecko_lite_managed_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:belden_hirschmann:gecko_lite_managed_switch:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-10-2019 - 23:28)
Impact:
Exploitability:

CWE

CWE-918

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

misc

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Last major update

09-10-2019 - 23:28

Published

30-06-2017 - 03:29

Last modified

09-10-2019 - 23:28