3 matches found
Cross site request forgery (csrf)
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...
Code injection
IOS 12.252SE and 12.252SE1 on Cisco Industrial Ethernet IE 3000 series switches has 1 a community name of public for RO access and 2 a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SN...
CVE-2010-1574
CVE-2010-1574 affects Cisco Industrial Ethernet 3000 Series switches running IOS 12.2(52)SE or 12.2(52)SE1, where hard-coded SNMP read/write community strings (public for RO and private for RW) can let remote attackers modify configurations or gain sensitive info via SNMP. Cisco’s advisory (CSCtf...