CVE-2015-0700

Опубликовано: 17 апр. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

Ссылки

http://tools.cisco.com/security/center/viewAlert.x?alertId=38403
Vendor Advisory
http://www.securitytracker.com/id/1032163
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=38403
Vendor Advisory
http://www.securitytracker.com/id/1032163
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.4.0.46.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.36:*:*:*:*:*:*:*

cpe:2.3:a:cisco:secure_access_control_server_solution_engine:5.5.0.46.4:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00107

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gjv3-v7c3-jr39

github

больше 3 лет назад