CVE-2015-6262

Published: Aug 25, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.

Affected (2)

Products: Cisco: Prime Infrastructure

Cisco

1 product

Prime Infrastructure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Prime Infrastructure	Version 1.2.0.103
Cisco Prime Infrastructure	Version 2.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=40652

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033364

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=40652

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033364

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.