Cross-site request forgery in Cisco Prime Service Catalog - CVE-2018-0107
Published: January 22, 2018
Vulnerability identifier: #VU10122
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0107
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Service Catalog
Cisco Prime Service Catalog
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.
The weakness exists in the web framework of Cisco Prime Service Catalog due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
The weakness exists in the web framework of Cisco Prime Service Catalog due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
How to mitigate CVE-2018-0107
Install update from vendor's website.