Information disclosure in Cisco MATE - CVE-2018-0260
Published: April 22, 2018
Vulnerability identifier: #VU12080
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0260
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco MATE
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to conduct a CSRF attack on the target system.
The weakness exists in the web interface due to a lack of proper input validation and authorization of HTTP requests. A remote attacker can send a malicious HTTP request to the targeted application to view and download the contents of certain web application virtual directories.
How to mitigate CVE-2018-0260
Install the update from the vendor's website.