Cross site request forgery (csrf)

2017-08-0706:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

JSON

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks. An attacker could exploit this vulnerability by forcing the user’s browser to perform any action authorized for that user. Cisco Bug IDs: CSCvc90280.

CPENameOperatorVersion
prime_collaboration_provisioningeq12.2

CPE	Name	Operator	Version
	prime_collaboration_provisioning	eq	12.2

References

www.securityfocus.com/bid/100112

www.securitytracker.com/id/1039061

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1