Main Vulnerability Database SB2017060806

SB2017060806 - CSRF in Cisco Prime Collaboration Assurance

Published: June 8, 2017 Updated: June 9, 2017

Security Bulletin ID SB2017060806

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2017-6659)

The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.

The weakness exists in the web-based management interface of Cisco Prime Collaboration Assurance due to insufficient CSRF protections for the web-based management interface. A remote attacker can trick the victim into following a specially crafted link, get access to the affected system and perform arbitrary actions.

Successful exploitation of the vulnerability results in access to the system.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca