CVE-2020-36908
Published: 06 January 2026
Summary
CVE-2020-36908 is a medium-severity CSRF (CWE-352) vulnerability in Securecomputing Snapgear Sg560 Firmware. Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-36908 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting the SnapGear Management Console SG560 version 3.1.5. The flaw enables attackers to perform unauthorized administrative actions without the consent of a legitimate user. It has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), rated as medium severity.
An attacker can exploit this vulnerability by crafting a malicious web page that automatically submits a form to the vulnerable console, creating a new super user account with full administrative privileges. This requires a logged-in administrative user to visit the attacker's malicious page, such as through social engineering like phishing links or compromised websites. No special privileges are needed by the attacker (PR:N), and exploitation occurs over the network with low complexity.
Advisories and references, including those from IBM X-Force Exchange, Packet Storm, Exploit-DB, VulnCheck, and Zero Science, document the issue but do not specify patches or detailed mitigation steps in the provided information. Security practitioners should consult these sources for vendor guidance on updates or workarounds, such as implementing CSRF tokens or restricting administrative access.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1027
Vulnerability details
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF in public management console directly enables remote unauthorized account creation (T1190 + T1136.001).
Mitigating Controls (NIST 800-53 r5)
Directly enforces that administrative actions such as super-user creation can only be performed via properly authenticated and authorized requests, blocking the forged cross-site form submissions in CVE-2020-36908.
Requires validation of all inputs and requests (including anti-CSRF tokens or origin checks) so that the management console rejects the attacker-crafted forms that exploit the lack of such checks.
Ensures session authenticity so that authenticated sessions cannot be silently abused by cross-site requests without explicit user intent, mitigating the core CSRF vector against the SG560 console.
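The two request-level checks the controls above call for, a per-session anti-CSRF token and an Origin/Referer check, as an added example of how a management console's account-creation endpoint can reject a forged cross-site form. This is constructed illustration code, not SnapGear's: the console origin, endpoint name, field names and sample requests are all assumptions.

```python
"""Server-side CSRF defence for an admin 'create user' form.

Constructed example, not SnapGear code: CONSOLE_ORIGIN, the endpoint,
the form fields and the session/header dicts are all assumed here.
"""
import hmac
import secrets
from urllib.parse import urlsplit

CONSOLE_ORIGIN = "https://192.0.2.10"   # assumed address of the console itself


def issue_token(session: dict) -> str:
    """Mint one random token per login session and keep the copy server side."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_allowed(headers: dict) -> bool:
    """Reject requests the browser attributes to another site.

    Origin is authoritative when present; Referer is the fallback; a request
    carrying neither header is treated as cross-site and refused.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == CONSOLE_ORIGIN


def token_valid(session: dict, form: dict) -> bool:
    """Constant-time comparison of the submitted token with the session copy."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected.encode(), submitted.encode())


def handle_create_user(session: dict, headers: dict, form: dict) -> tuple[int, str]:
    """Admin endpoint: every check must pass before a privileged account is created."""
    if not session.get("authenticated"):
        return 401, "not logged in"
    if not origin_allowed(headers):
        return 403, "cross-site request rejected (Origin/Referer)"
    if not token_valid(session, form):
        return 403, "missing or invalid anti-CSRF token"
    # Only now is the request known to carry the user's explicit intent.
    return 200, f"created user {form['username']!r} with role {form['role']!r}"
```

A forged page cannot read the token out of the victim's session and cannot set the Origin header to the console's own origin, so either check alone defeats the auto-submitting form; using both guards against misconfigured proxies that strip one header.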