Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco Prime Service Catalog 12.1
Cisco Prime Service Catalog 12.0
Cisco Prime Service Catalog 11.1.1
Description:
Bugtraq id: 102719
CVE (CAN) ID: CVE-2018-0107
Cisco Prime Service Catalog is a solution that provides all IT services through a single portal.
The web framework of Cisco Prime Service Catalog has a security vulnerability that allows an unauthenticated, remote attacker to perform arbitrary operations on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection.
<* Source: vendor
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20180117-psc) and patches for this vulnerability:
cisco-sa-20180117-psc: Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc