CVE-2021-20996

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 57.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Wago 0852-0303Wago 0852-1305Wago 0852-1305/000-001+7 more
Timeline
PublishedMay 13
Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages10 packages

CVEListV5wago/0852-0303unspecifiedV1.2.3.S0
CVEListV5wago/0852-1305unspecifiedV1.1.7.S0
CVEListV5wago/0852-1505unspecifiedV1.1.6.S0
CVEListV5wago/0852-1305/000-001unspecifiedV1.0.4.S0
CVEListV5wago/0852-1505/000-001unspecifiedV1.0.4.S0

🔴Vulnerability Details

2
GHSA
GHSA-6gx8-4r4f-rfmq: In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties2022-05-24
CVEList
WAGO: Managed Switches: Unsecure Cookie settings2021-05-13
CVE-2021-20996 (MEDIUM CVSS 5.3) | In multiple managed switches by WAG | cvebase.io