Vulnerability CVE-2018-0365


Published: 2018-06-21

Description:
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Cisco -> Firepower management center 
Cisco -> Firepower appliance 8140 firmware 
Cisco -> Firepower management center virtual appliance 
Cisco -> Firepower appliance 8250 firmware 
Cisco -> Ngips virtual appliance 
Cisco -> Firepower appliance 8260 firmware 
Cisco -> Firepower management center 2500 firmware 
Cisco -> Firepower appliance 8270 firmware 
Cisco -> Amp 7150 firmware 
Cisco -> Firepower appliance 8290 firmware 
Cisco -> Amp 8150 firmware 
Cisco -> Firepower appliance 8350 firmware 
Cisco -> Firepower appliance 7010 firmware 
Cisco -> Firepower appliance 8360 firmware 
Cisco -> Firepower appliance 7020 firmware 
Cisco -> Firepower appliance 8370 firmware 
Cisco -> Firepower appliance 7030 firmware 
Cisco -> Firepower appliance 8390 firmware 
Cisco -> Firepower appliance 7050 firmware 
Cisco -> Firepower management center 1000 firmware 
Cisco -> Firepower appliance 7110 firmware 
Cisco -> Firepower management center 2000 firmware 
Cisco -> Firepower appliance 7115 firmware 
Cisco -> Firepower management center 4000 firmware 
Cisco -> Firepower appliance 7120 firmware 
Cisco -> Firepower management center 4500 firmware 
Cisco -> Firepower appliance 7125 firmware 
Cisco -> Firesight management center 1500 firmware 
Cisco -> Firepower appliance 8120 firmware 
Cisco -> Firesight management center 3500 firmware 
Cisco -> Firepower appliance 8130 firmware 
Cisco -> Firesight management center 750 firmware 

References:
http://www.securityfocus.com/bid/104519
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf

Copyright 2020, cxsecurity.com

 
