CVE-2019-16002Cross-Site Request Forgery in Cisco Vmanage Software

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Vmanage SoftwareCisco Sd-wan Firmware
Timeline
PublishedNov 26
Latest updateMay 24

Description

A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privil

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_vmanage_softwareunspecifiedn/a
NVDcisco/sd-wan_firmware< 19.2.0

🔴Vulnerability Details

2
GHSA
GHSA-w44r-j9pq-vv3v: A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-s2022-05-24
CVEList
Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability2019-11-26

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability2019-11-20
CVE-2019-16002 — Cross-Site Request Forgery in Cisco | cvebase