Lucene search

CiscoCISCO-SA-20150514-CVE-2015-0736

HistoryMay 14, 2015 - 4:58 p.m.

Cisco MediaSense Cross-Site Request Forgery Vulnerability

2015-05-1416:58:55

tools.cisco.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability in Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.

The vulnerability is due to insufficient CSRF protections on the Cisco MediaSense web interface. An attacker could exploit this vulnerability by persuading an authenticated user of the affected system to follow a malicious link or visit an attacker-controlled website.

Cisco has confirmed the vulnerability and released software updates.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Affected configurations

Vulners

Node

ciscomediasenseMatchany

VendorProductVersionCPE
ciscomediasenseanycpe:2.3:a:cisco:mediasense:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	mediasense	any	cpe:2.3:a:cisco:mediasense:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150514-CVE-2015-0736

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

32.7%

JSON

Related for CISCO-SA-20150514-CVE-2015-0736