Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-6427

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-06 Oct, 2016 | 10:00
Updated At-06 Aug, 2024 | 01:29
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:06 Oct, 2016 | 10:00
Updated At:06 Aug, 2024 | 01:29
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036953
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/93418
vdb-entry
x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securitytracker.com/id/1036953
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/93418
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036953
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/93418
vdb-entry
x_refsource_BID
x_transferred
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036953
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93418
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:06 Oct, 2016 | 10:59
Updated At:12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>10.0\(1\)
cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>10.5\(1\)
cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>10.6\(1\)
cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>11.0\(1\)
cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_intelligence_center>>8.5.4
cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_intelligence_center>>9.0\(2\)
cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_intelligence_center>>9.1\(1\)
cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3psirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/93418psirt@cisco.com
N/A
http://www.securitytracker.com/id/1036953psirt@cisco.com
N/A
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/93418af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1036953af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93418
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036953
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/93418
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2557Records found
CVE-2018-15402
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 20:00
Updated-26 Nov, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_virtualization_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2025
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-26 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-scientific_atlanta_webstar_dpc2100r2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0259
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mate_collectorCisco MATE Collector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2073
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.51%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wrt160nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-1561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.60% / 87.31%
||
7 Day CHG~0.00%
Published-06 May, 2009 | 16:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wrt54gcn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0471
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.22% / 44.82%
||
7 Day CHG~0.00%
Published-06 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0055
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.25%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_encryption_applianceironport_postxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-0056
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_encryption_applianceironport_postxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6442
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.60%
||
7 Day CHG~0.00%
Published-27 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-finesseCisco Finesse 11.0(1)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6444
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_serverCisco Meeting Server 1.8, 1.9, 2.0
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6468
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-14 Dec, 2016 | 00:37
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_responderCisco Emergency Responder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6417
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.03%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4256
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_ip_vcr_3.0n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1470
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.43%
||
7 Day CHG~0.00%
Published-02 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-small_business_220_series_smart_plus_switchesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6262
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-25 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1448
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.87%
||
7 Day CHG~0.00%
Published-17 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6405
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.64%
||
7 Day CHG~0.00%
Published-13 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6330
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaboration_assurancen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6304
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_server_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6408
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.64%
||
7 Day CHG~0.00%
Published-12 Dec, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6373
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6378
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adaptern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4274
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-31 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4267
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4254
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_advanced_media_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4257
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mcu_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4253
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_serial_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4281
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-22 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4242
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-08 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4258
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mse_8000_seriesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0741
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-21 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0705
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.41% / 60.48%
||
7 Day CHG~0.00%
Published-22 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0651
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-27 Feb, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_networking_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0588
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-15 Jan, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_domain_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4255
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_ip_gatewayn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0704
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-22 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0735
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-17 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_customer_voice_portaln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1120
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 67.83%
||
7 Day CHG~0.00%
Published-06 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_express_softwareunity_expressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0716
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0740
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 00:00
Updated-31 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4252
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_isdn_gw_3241n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0759
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-headend_digital_broadband_delivery_systemn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9218
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hybrid_meeting_serverCisco Hybrid Meeting Server 1.0
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0700
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-17 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_server_solution_enginen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0736
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-16 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mediasensen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0596
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.57%
||
7 Day CHG~0.00%
Published-02 Feb, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12271
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-spa300_firmwarespa500_firmwarespa300_series_ip_phonespa500_series_ip_phoneCisco SPA300 and SPA500 Series IP Phones
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8031
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 39.14%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12636
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsf250-24psf250-08sg300-10p_firmwaresg300-52_firmwaresf250-08hp_firmwaresf250-10p_firmwaresg500-52mp_firmwaresf250-26sf250x-48p_firmwaresg300-52sf250-26_firmwaresg200-26sg500-28sg500x-48sg550x-48p_firmwaresx550x-24sg200-26_firmwaresg200-50p_firmwaresf200e48psg200-08psf250-24p_firmwaresf200-24_firmwaresg300-20sg500-28psx550x-12fsf200-48sf200e-24sf250x-48_firmwaresf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf250-08_firmwaresf300-48psf300-24_firmwaresg500-52sf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psf200e-24psg350-28sf250-24sg500-52_firmwaresf250-26p_firmwaresf550x-48p_firmwaresg550x-48psg200-10fpsf300-24ppsf200e-48sf250-50hpsx550x-24ft_firmwaresg300-10mpp_firmwaresf250-50hp_firmwaresf550x-48_firmwaresf250-50psg200-50sg300-52mpsf250-18_firmwaresf250-26hp_firmwaresf250x-24psf250x-48psg350-10p_firmwaresg355-10psf200-48p_firmwaresg350-10psg200-26fp_firmwaresx550x-16ft_firmwaresg200-50psf302-08p_firmwaresg500-52mpsg300-52psf250-48sg300-20_firmwaresf250x-24sf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg200-50fpsg300-28_firmwaresf302-08psg500-28mppsf500-24psf200-24p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg300-10sfp_firmwaresf550x-48mp_firmwaresf250-50sg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg300-28ppsf250-08hpsf250-26hpsg300-52mp_firmwaresg350-10mpsf500-48_firmwaresf550x-48psg500-28p_firmwaresg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresf200e-24_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf250-26psf200-24sx550x-24fsg500x-48psg350-10mp_firmwaresf302-08mpp_firmwaresf200e-48_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sf250x-24_firmwaresg300-10mpsf250-18sf300-08sg300-10ppsf350-48_firmwaresx550x-24f_firmwaresg200-08sf250-50_firmwaresf250-10psf250x-24p_firmwaresg350-28psf200e48p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf200e-24p_firmwaresg300-28sx550x-52_firmwaresg200-10fp_firmwaresg350-28_firmwaresg300-10_firmwaresg350-10sf250x-48sg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg200-50fp_firmwaresg500x-24p_firmwaresg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg550x-24p_firmwaresf200-24fpsg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24psg200-26psf200-48psf300-24psf300-24sg200-08_firmwaresf302-08mppsg550x-48sf302-08mpsf250-48_firmwaresf300-48pp_firmwaresf300-24mpsg300-28mp_firmwaresf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg550x-24mpp_firmwaresf250-48hpsg200-18sx550x-24_firmwaresg200-50_firmwaresg500x-48_firmwaresf300-08_firmwaresf200-48_firmwaresg500xg-8f8tsf250-50p_firmwaresg500-28_firmwaresf500-24_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 250 Series Smart Switches Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3267
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-23 May, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-security_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 51
  • 52
  • Next
Details not found