Cyber Resilience

CVE-2020-36908

MediumPublic PoC

Published: 06 January 2026

Published
06 January 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0023 13.8th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2020-36908 is a medium-severity CSRF (CWE-352) vulnerability in Securecomputing Snapgear Sg560 Firmware. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-36908 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting the SnapGear Management Console SG560 version 3.1.5. The flaw enables attackers to perform unauthorized administrative actions without the consent of a legitimate user. It has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), rated as medium severity.

An attacker can exploit this vulnerability by crafting a malicious web page that automatically submits a form to the vulnerable console, creating a new super user account with full administrative privileges. This requires a logged-in administrative user to visit the attacker's malicious page, such as through social engineering like phishing links or compromised websites. No special privileges are needed by the attacker (PR:N), and exploitation occurs over the network with low complexity.

Advisories and references, including those from IBM X-Force Exchange, Packet Storm, Exploit-DB, VulnCheck, and Zero Science, document the issue but do not specify patches or detailed mitigation steps in the provided information. Security practitioners should consult these sources for vendor guidance on updates or workarounds, such as implementing CSRF tokens or restricting administrative access.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user…

more

account with full administrative privileges when a logged-in user visits the page.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1136.001 Local Account Persistence
Adversaries may create a local account to maintain access to victim systems.
Why these techniques?

CSRF in public management console directly enables remote unauthorized account creation (T1190 + T1136.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36909Same product: Securecomputing Snapgear Sg560
CVE-2024-13146Shared CWE-352
CVE-2021-47730Shared CWE-352
CVE-2020-36901Shared CWE-352
CVE-2020-36886Shared CWE-352
CVE-2026-3589Shared CWE-352
CVE-2024-13852Shared CWE-352
CVE-2025-59891Shared CWE-352
CVE-2025-25967Shared CWE-352
CVE-2025-23467Shared CWE-352

Affected Assets

securecomputing
snapgear sg560 firmware
3.1.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces that administrative actions such as super-user creation can only be performed via properly authenticated and authorized requests, blocking the forged cross-site form submissions in CVE-2020-36908.

prevent

Requires validation of all inputs and requests (including anti-CSRF tokens or origin checks) so that the management console rejects the attacker-crafted forms that exploit the lack of such checks.

prevent

Ensures session authenticity so that authenticated sessions cannot be silently abused by cross-site requests without explicit user intent, mitigating the core CSRF vector against the SG560 console.

References