Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability
Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco Prime Infrastructure 2.0 (0.0)
Cisco Prime Infrastructure 1.2 (0.103)
Description:
CVE (CAN) ID: CVE-2015-6262
Cisco Prime Infrastructure is a solution for wireless management through Cisco technology LMS and NCS.
The implementation of Cisco Prime Infrastructure 1.2 (0.103) and 2.0 (0.0) has a Cross-Site Request Forgery Vulnerability. Remote attackers can exploit this vulnerability to hijack the authentication of arbitrary users.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 40652
This article permanently updates the link address: