Cross-Site Request Forgery Vulnerability in Cisco Unified Intelligence Center
CVE-2017-12253

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Unified Intelligence Center
Vendor
CVE Published:
21 September 2017

Summary

A vulnerability exists in Cisco's Unified Intelligence Center that could permit an unauthenticated remote attacker to execute unauthorized actions. This security flaw arises from insufficient protection against cross-site request forgery (CSRF), which could be exploited if a user is manipulated into triggering an adverse action within the affected web application. Attackers may leverage this vulnerability to perform harmful operations, potentially compromising confidential data or impacting service integrity.

Affected Version(s)

Cisco Unified Intelligence Center Cisco Unified Intelligence Center

References

http://www.securityfocus.com/bid/100919
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039409
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.