CVE-2017-6038

HIGH

Belden Hirschmann GECKO Lite Managed Switch Firmware < 2.0.00 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Scores

CVSS v3 7.1
EPSS 0.0044
EPSS Percentile 35.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Details

CWE
CWE-352
Status published
Products (2)
belden_hirschmann/gecko_lite_managed_switch_firmware < 2.0.00
n/a/Belden Hirschmann GECKO Belden Hirschmann GECKO
Published Jun 30, 2017
Tracked Since Feb 18, 2026