Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
BID:105859
CVE-2018-15445 |Info
Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 105859 |
| Class: | Design Error |
| CVE: |
CVE-2018-15445 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2018 12:00AM |
| Updated: | Nov 07 2018 12:00AM |
| Credit: | Chris Lyne from Tenable |
| Vulnerable: |
Cisco Energy Management Suite 5.2.2 Cisco Energy Management Suite 5.2 Cisco Energy Management Suite 4.4 |
| Not Vulnerable: | |
Discussion
Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
Cisco Energy Management Suite is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvm29341.
Cisco Energy Management Suite is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvm29341.
Exploit / POC
Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Cisco Energy Management Suite CVE-2018-15445 Cross Site Request Forgery Vulnerability
References:
References: