Main Vulnerability Database SB2018062108

SB2018062108 - Cross-site request forgery in Cisco Firepower Management Center

Published: June 21, 2018

Security Bulletin ID SB2018062108

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2018-0365)

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections for the web-based management interface. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass CSRF Token gain access to the system and perform arbitrary actions.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-cs...