CVE-2018-15438Cross-Site Request Forgery in Cisco Prime Collaboration Assurance

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 54.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime Collaboration AssuranceCisco Prime Collaboration Assurance
Timeline
PublishedOct 17
Latest updateMay 13

Description

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful explo

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5837-6gwx-c674: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduc2022-05-13
CVEList
Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability2018-10-17

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability2018-10-17
CVE-2018-15438 — Cross-Site Request Forgery in Cisco | cvebase