Cross-Site Request Forgery Vulnerability in Cisco IoT Field Network Director
CVE-2018-0270

8.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Iot Field Network Director
Vendor: CVE Published:; 17 May 2018

Summary

A security issue in the web-based management interface of Cisco IoT Field Network Director allows unauthenticated remote attackers to execute cross-site request forgery (CSRF) attacks. This vulnerability arises from inadequate CSRF protection, which can lead to unauthorized alterations of user and group data on the affected device. By tricking an authenticated user into clicking on a malicious link, an attacker can perform actions with the same privileges as that user. Should the user possess administrative privileges, the attacker may create a new privileged account, gaining comprehensive control over the device. This jeopardizes the security of connected infrastructures reliant on the affected Cisco products.

Affected Version(s)

Cisco IoT Field Network Director Cisco IoT Field Network Director

References

http://www.securityfocus.com/bid/104242

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2018
Vulnerability Reserved
Nov 27, 2017