CVE-2018-15401Cross-Site Request Forgery in Cisco Hosted Collaboration Mediation Fulfillment

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Hosted Collaboration Mediation FulfillmentCisco Hosted Collaboration Mediation Fulfillment
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could all

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/hosted_collaboration_mediation_fulfillment11.5\(2\), 11.5\(3\), 12.5\(1\)+2

🔴Vulnerability Details

2
GHSA
GHSA-42ww-3m2v-ggmj: A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attac2022-05-13
CVEList
Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability2018-10-03
CVE-2018-15401 — Cross-Site Request Forgery in Cisco | cvebase