Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc”]