Main Vulnerability Database SB2017060806

SB2017060806 - CSRF in Cisco Prime Collaboration Assurance

Published: June 8, 2017 Updated: June 9, 2017

Security Bulletin ID SB2017060806

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2017-6659)

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.

The weakness exists in the web-based management interface of Cisco Prime Collaboration Assurance due to insufficient CSRF protections for the web-based management interface. A remote attacker can trick the victim into following a specially crafted link, get access to the affected system and perform arbitrary actions.

Successful exploitation of the vulnerability results in access to the system.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca