TROYANOSYVIRUS
Voltar para CVEs

CVE-2018-0365

N/A

Descricao

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado6/21/2018
Ultima modificacao11/26/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

cisco:amp_7150cisco:amp_7150_firmwarecisco:amp_8150cisco:amp_8150_firmwarecisco:firepower_appliance_7010cisco:firepower_appliance_7010_firmwarecisco:firepower_appliance_7020cisco:firepower_appliance_7020_firmwarecisco:firepower_appliance_7030cisco:firepower_appliance_7030_firmwarecisco:firepower_appliance_7050cisco:firepower_appliance_7050_firmwarecisco:firepower_appliance_7110cisco:firepower_appliance_7110_firmwarecisco:firepower_appliance_7115cisco:firepower_appliance_7115_firmwarecisco:firepower_appliance_7120cisco:firepower_appliance_7120_firmwarecisco:firepower_appliance_7125cisco:firepower_appliance_7125_firmwarecisco:firepower_appliance_8120cisco:firepower_appliance_8120_firmwarecisco:firepower_appliance_8130cisco:firepower_appliance_8130_firmwarecisco:firepower_appliance_8140cisco:firepower_appliance_8140_firmwarecisco:firepower_appliance_8250cisco:firepower_appliance_8250_firmwarecisco:firepower_appliance_8260cisco:firepower_appliance_8260_firmwarecisco:firepower_appliance_8270cisco:firepower_appliance_8270_firmwarecisco:firepower_appliance_8290cisco:firepower_appliance_8290_firmwarecisco:firepower_appliance_8350cisco:firepower_appliance_8350_firmwarecisco:firepower_appliance_8360cisco:firepower_appliance_8360_firmwarecisco:firepower_appliance_8370cisco:firepower_appliance_8370_firmwarecisco:firepower_appliance_8390cisco:firepower_appliance_8390_firmwarecisco:firepower_management_center_1000cisco:firepower_management_center_1000_firmwarecisco:firepower_management_center_2000cisco:firepower_management_center_2000_firmwarecisco:firepower_management_center_2500cisco:firepower_management_center_2500_firmwarecisco:firepower_management_center_4000cisco:firepower_management_center_4000_firmwarecisco:firepower_management_center_4500cisco:firepower_management_center_4500_firmwarecisco:firepower_management_center_virtual_appliancecisco:firesight_management_center_1500cisco:firesight_management_center_1500_firmwarecisco:firesight_management_center_3500cisco:firesight_management_center_3500_firmwarecisco:firesight_management_center_750cisco:firesight_management_center_750_firmwarecisco:ngips_virtual_appliancecisco:secure_firewall_management_center

Fraquezas (CWE)

CWE-352CWE-352

Referencias

http://www.securityfocus.com/bid/104519(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf(psirt@cisco.com)
http://www.securityfocus.com/bid/104519(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.