CVE-2015-4267

CWE-352 ā€” Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 69.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine Software
Timeline
PublishedJul 15
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

šŸ”“Vulnerability Details

2
GHSA
GHSA-fh6g-xj4c-5fmv: Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1ā†—2022-05-17
ā–¶
CVEList
CVE-2015-4267: Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1ā†—2015-07-15
ā–¶

šŸ“‹Vendor Advisories

1
Cisco
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerabilityā†—2015-07-15
ā–¶
CVE-2015-4267 (MEDIUM CVSS 6.8) | Cross-site request forgery (CSRF) v | cvebase.io