CVE-2015-6262Cross-Site Request Forgery in Cisco Prime Infrastructure

CWE-352Cross-Site Request ForgeryCWE-125Out-of-bounds Read9 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 71.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Infrastructure
Timeline
PublishedAug 25
Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDcisco/prime_infrastructure1.2.0.103, 2.0+1

🔴Vulnerability Details

3
GHSA
GHSA-v58w-pjxw-39fc: Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 12022-05-14
OSV
libidn vulnerabilities2016-08-24
CVEList
CVE-2015-6262: Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 12015-08-25

📋Vendor Advisories

2
Red Hat
libidn: Out-of-bounds read when reading zero byte as input2016-01-14
Cisco
Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability2015-08-24
CVE-2015-6262 — Cross-Site Request Forgery in Cisco | cvebase