Cross‑Site Request Forgery in Link Aggregation Configuration

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

跨站请求伪造(CSRF)

PHOENIX CONTACT FL NAT 跨站请求伪造漏洞

PHOENIX CONTACT FL NAT是德国菲尼克斯电气（PHOENIX CONTACT）公司的一系列工业安全网关。 PHOENIX CONTACT FL NAT存在跨站请求伪造漏洞，该漏洞源于Link Aggregation配置界面，可能导致未经验证的远程攻击者诱骗已认证用户发送未经授权的请求，从而修改设备配置。以下产品受到影响：FL NAT 2008、FL NAT 2208、FL NAT 2304-2GC-2SFP、FL SWITCH 2005、FL SWITCH 2008和FL SWITCH

N/A

N/A