CVE-2020-13259

Name of the Vulnerable Software and Affected Versions RAD SecFlow-1v os-image version SF 0290 2.3.01.26

Description The issue is related to insufficient CSRF protections for the web UI on an affected device, allowing an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. An attacker could exploit this by persuading a user of the interface to follow a malicious link, potentially allowing the attacker to perform arbitrary actions with the privilege level of the affected user.

Recommendations For RAD SecFlow-1v os-image version SF 0290 2.3.01.26, consider implementing additional CSRF protections for the web UI to prevent exploitation. As a temporary workaround, restrict access to the web-based management interface to minimize the risk of exploitation.