Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability

2017-08-02T16:00:00
ID CISCO-SA-20170802-PCPT1
Type cisco
Reporter Cisco
Modified 2017-08-01T16:09:08

Description

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user’s browser to perform any action authorized for that user.

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user’s browser to perform any action authorized for that user.

There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1"]