← Zuruck zu CVEs
CVE-2018-15402
N/ABeschreibung
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht10/17/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
cisco:enterprise_network_virtualization_software
Schwachen (CWE)
CWE-352CWE-352
Referenzen
http://www.securityfocus.com/bid/105662(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nfvis-csrf(psirt@cisco.com)
http://www.securityfocus.com/bid/105662(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nfvis-csrf(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.