Lucene search
CiscoCISCO-SA-20180117-PSCHistoryJan 17, 2018 - 4:00 p.m.
Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
2018-01-1716:00:00
tools.cisco.com
12
0.002 Low
EPSS
Percentile
55.5%
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc”]
Affected configurations
Node
ciscoprime_service_catalogMatchany
ORciscoprime_service_catalogMatchany
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco prime service catalog | eq | any | |
| cisco prime service catalog | eq | any |
Related
cvelist
cvelist
CVE-2018-0107
2018-01-18 06:00:00
cve
cve
CVE-2018-0107
2018-01-18 06:29:01
prion
prion
Cross site request forgery (csrf)
2018-01-18 06:29:00
nvd
nvd
CVE-2018-0107
2018-01-18 06:29:01