8.8

CVE-2018-0365

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.

Data is provided by the National Vulnerability Database (NVD)
Cisco Amp 8150 Firmware Version 6.0.1
   Cisco Amp 8150
Cisco Amp 8150 Firmware Version 6.1.0
   Cisco Amp 8150
Cisco Amp 8150 Firmware Version 6.2.0
   Cisco Amp 8150
Cisco Amp 8150 Firmware Version 6.2.1
   Cisco Amp 8150
Cisco Amp 8150 Firmware Version 6.2.2
   Cisco Amp 8150
Cisco Amp 8150 Firmware Version 6.2.3
   Cisco Amp 8150
Cisco Amp 7150 Firmware Version 6.0.1
   Cisco Amp 7150
Cisco Amp 7150 Firmware Version 6.1.0
   Cisco Amp 7150
Cisco Amp 7150 Firmware Version 6.2.0
   Cisco Amp 7150
Cisco Amp 7150 Firmware Version 6.2.1
   Cisco Amp 7150
Cisco Amp 7150 Firmware Version 6.2.2
   Cisco Amp 7150
Cisco Amp 7150 Firmware Version 6.2.3
   Cisco Amp 7150
Cisco Ngips Virtual Appliance Version 6.0.1
Cisco Ngips Virtual Appliance Version 6.1.0
Cisco Ngips Virtual Appliance Version 6.2.0
Cisco Ngips Virtual Appliance Version 6.2.1
Cisco Ngips Virtual Appliance Version 6.2.2
Cisco Ngips Virtual Appliance Version 6.2.3
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.2% | 0.394
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.