Rewterz Threat Advisory – CVE-2020-3261 – Cisco Mobility Express Software Cross-Site Request Forgery

Severity

High

Analysis Summary

The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

Impact

Cross-site request forgery

Affected Vendors

Cisco

Affected Products

Cisco Mobility Express Software

Remediation

Please refer to the vendor’s advisory for the list of affected products and patches.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24