Cross-site request forgery in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2018-0365
Published: June 21, 2018
Vulnerability identifier: #VU13410
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0365
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Detailed vulnerability description
The vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists due to insufficient CSRF protections for the web-based management interface. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass CSRF Token gain access to the system and perform arbitrary actions.
The weakness exists due to insufficient CSRF protections for the web-based management interface. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, bypass CSRF Token gain access to the system and perform arbitrary actions.
How to mitigate CVE-2018-0365
Install update from vendor's website.