Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6669

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-26 Jun, 2017 | 07:00
Updated At-05 Aug, 2024 | 15:33
Rejected At-
Credits

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:26 Jun, 2017 | 07:00
Updated At:05 Aug, 2024 | 15:33
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242.

Affected Products
Vendor
n/a
Product
Cisco WebEx Network Recording Player
Versions
Affected
  • Cisco WebEx Network Recording Player
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119
Type: CWE
CWE ID: CWE-119
Description: CWE-119
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038737
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/99196
vdb-entry
x_refsource_BID
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1038737
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/99196
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1038737
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/99196
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038737
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/99196
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:26 Jun, 2017 | 07:29
Updated At:20 Apr, 2025 | 01:37

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>webex_advanced_recording_format_player>>29.10
cpe:2.3:a:cisco:webex_advanced_recording_format_player:29.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondarypsirt@cisco.com
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: psirt@cisco.com
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/99196psirt@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038737psirt@cisco.com
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrppsirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/99196af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038737af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrpaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/99196
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038737
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/99196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038737
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2748Records found
CVE-2015-0759
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-headend_digital_broadband_delivery_systemn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0700
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-17 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_server_solution_enginen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0704
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-22 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0716
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0596
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.59%
||
7 Day CHG~0.00%
Published-02 Feb, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8031
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-7996
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-18 Nov, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1470
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-02 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-small_business_220_series_smart_plus_switchesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3305
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 41.06%
||
7 Day CHG~0.00%
Published-26 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3267
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.00%
||
7 Day CHG~0.00%
Published-23 May, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-security_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-3408
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 67.10%
||
7 Day CHG~0.00%
Published-19 Oct, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_opticaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2178
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.64%
||
7 Day CHG~0.00%
Published-07 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv120wrv120w_firmwarerv220w_firmwarerv180rv220wrv180_firmwarerv180wn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2194
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.03%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_web_and_e-mail_interaction_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2115
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.04%
||
7 Day CHG~0.00%
Published-04 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2152
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 39.11%
||
7 Day CHG~0.00%
Published-12 Feb, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6408
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-12 Dec, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0745
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_contact_center_express_editor_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6378
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adaptern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0740
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-6976
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 73.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3925n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4257
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mcu_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5494
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplace_web_conferencingunified_meetingplacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4258
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mse_8000_seriesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4256
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-10 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_ip_vcr_3.0n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1958
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:30
Updated-21 Nov, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX-Series
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4281
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.77%
||
7 Day CHG~0.00%
Published-22 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-03 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3395
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-02 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliance_firmwareweb_security_appliancecontent_security_management_appliancen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3397
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.96%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3450
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-03 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.85%
||
7 Day CHG~0.00%
Published-29 Sep, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_wrt310n_router_firmwarelinksys_wrt350nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-2678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-71.30% / 98.65%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 14:15
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_e4200linksys_e4200_firmwaren/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-0451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-tetration_analyticsCisco Tetration Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1153
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1128
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.67%
||
7 Day CHG~0.00%
Published-15 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1109
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_training_centern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0741
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-21 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1200
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-1881
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.40% / 60.13%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 16:35
Updated-21 Nov, 2024 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-industrial_network_directorCisco Industrial Network Director
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1807
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.6||HIGH
EPSS-0.42% / 61.02%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:25
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Umbrella Dashboard Session Management Vulnerability

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-umbrellaCisco Umbrella
CWE ID-CWE-384
Session Fixation
CVE-2019-1857
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 16:40
Updated-21 Nov, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ucs_c480_ml_firmwareucs_c220_m5_firmwareucs_b480_m5_firmwareucs_c240_m5_firmwareucs_c480_mlucs_b200_m5ucs_c220_m5hx220c_af_m5_firmwareucs_b200_m5_firmwareucs_b480_m5ucs_c480_m5_firmwarehx220c_m5ucs_c125_m5ucs_c240_m5hx220c_edge_m5_firmwarehx240c_m5hx240c_af_m5hx240c_af_m5_firmwareucs_c480_m5hx220c_all_nvme_m5_firmwareucs_c125_m5_firmwarehx240c_m5_firmwarehx240c_large_form_factor_firmwarehx220c_edge_m5hx240c_large_form_factorhx220c_m5_firmwarehx220c_af_m5hx220c_all_nvme_m5Cisco HyperFlex HX-Series
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1874
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.56%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 03:00
Updated-20 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_service_catalogCisco Prime Service Catalog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-5992
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.57%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_software7500_wireless_lan_controller2000_wireless_lan_controller8500_wireless_lan_controller2500_wireless_lan_controller2100_wireless_lan_controller5500_wireless_lan_controller4400_wireless_lan_controller4100_wireless_lan_controllern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6634
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ie-1000-4p2s-lmie-1000-6t2t-lmie-1000-8p2s-lmie-1000-4t1t-lmindustrial_ethernet_1000_series_firmwareCisco Industrial Ethernet 1000 Series Switches
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-2496
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.11% / 77.29%
||
7 Day CHG~0.00%
Published-20 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-anyconnect_secure_mobility_clientn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12624
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.81% / 85.58%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:05
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs5760_wireless_lan_controllercatalyst_3850-nm-2-40gcatalyst_3850-12x48ucatalyst_4500e_supervisor_engine_8-ecatalyst_3650-8x24uqcatalyst_3650-12x48urcatalyst_3850-24uios_xecatalyst_3650-12x48uzcatalyst_3650-24pdcatalyst_3850-48xscatalyst_3850-24xucatalyst_3850-nm-8-10gcatalyst_3650-12x48uqcatalyst_3850-48ucatalyst_3650-48fqmcatalyst_3650-48fqcatalyst_3650-24pdmCisco IOS XE Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12636
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsf250-24psf250-08sg300-10p_firmwaresg300-52_firmwaresf250-08hp_firmwaresf250-10p_firmwaresg500-52mp_firmwaresf250-26sf250x-48p_firmwaresg300-52sf250-26_firmwaresg200-26sg500-28sg500x-48sg550x-48p_firmwaresx550x-24sg200-26_firmwaresg200-50p_firmwaresf200e48psg200-08psf250-24p_firmwaresf200-24_firmwaresg300-20sg500-28psx550x-12fsf200-48sf200e-24sf250x-48_firmwaresf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf250-08_firmwaresf300-48psf300-24_firmwaresg500-52sf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psf200e-24psg350-28sf250-24sg500-52_firmwaresf250-26p_firmwaresf550x-48p_firmwaresg550x-48psg200-10fpsf300-24ppsf200e-48sf250-50hpsx550x-24ft_firmwaresg300-10mpp_firmwaresf250-50hp_firmwaresf550x-48_firmwaresf250-50psg200-50sg300-52mpsf250-18_firmwaresf250-26hp_firmwaresf250x-24psf250x-48psg350-10p_firmwaresg355-10psf200-48p_firmwaresg350-10psg200-26fp_firmwaresx550x-16ft_firmwaresg200-50psf302-08p_firmwaresg500-52mpsg300-52psf250-48sg300-20_firmwaresf250x-24sf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg200-50fpsg300-28_firmwaresf302-08psg500-28mppsf500-24psf200-24p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg300-10sfp_firmwaresf550x-48mp_firmwaresf250-50sg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg300-28ppsf250-08hpsf250-26hpsg300-52mp_firmwaresg350-10mpsf500-48_firmwaresf550x-48psg500-28p_firmwaresg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresf200e-24_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf250-26psf200-24sx550x-24fsg500x-48psg350-10mp_firmwaresf302-08mpp_firmwaresf200e-48_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sf250x-24_firmwaresg300-10mpsf250-18sf300-08sg300-10ppsf350-48_firmwaresx550x-24f_firmwaresg200-08sf250-50_firmwaresf250-10psf250x-24p_firmwaresg350-28psf200e48p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf200e-24p_firmwaresg300-28sx550x-52_firmwaresg200-10fp_firmwaresg350-28_firmwaresg300-10_firmwaresg350-10sf250x-48sg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg200-50fp_firmwaresg500x-24p_firmwaresg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg550x-24p_firmwaresf200-24fpsg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24psg200-26psf200-48psf300-24psf300-24sg200-08_firmwaresf302-08mppsg550x-48sf302-08mpsf250-48_firmwaresf300-48pp_firmwaresf300-24mpsg300-28mp_firmwaresf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg550x-24mpp_firmwaresf250-48hpsg200-18sx550x-24_firmwaresg200-50_firmwaresg500x-48_firmwaresf300-08_firmwaresf200-48_firmwaresg500xg-8f8tsf250-50p_firmwaresg500-28_firmwaresf500-24_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 250 Series Smart Switches Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2186
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-1474
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:07
Updated-08 Nov, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Umbrella Link and CSV Formula Injection Vulnerabilities

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-umbrellaCisco Umbrella Insights Virtual Appliance
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2014-2190
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-07 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-broadband_access_center_telco_wireless_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 54
  • 55
  • Next
Details not found