#VU12080 Information disclosure in Cisco MATE - CVE-2018-0260
Published: April 22, 2018
Vulnerability identifier: #VU12080
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0260
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco MATE
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to conduct a CSRF attack on the target system.
The weakness exists in the web interface due to a lack of proper input validation and authorization of HTTP requests. A remote attacker can send a malicious HTTP request to the targeted application to view and download the contents of certain web application virtual directories.
Remediation
Install the update from the vendor's website.