CVE-2018-0365
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.
Affected (192)
Products: Cisco: Secure Firewall Management Center, Firepower Appliance 8360 Firmware, Firepower Management Center 2500 Firmware, Firepower Appliance 8120 Firmware, Firepower Appliance 8260 Firmware, Firepower Appliance 7050 Firmware, Firepower Appliance 8130 Firmware, Firepower Appliance 8140 Firmware, Firepower Appliance 8350 Firmware, Amp 8150 Firmware, Amp 7150 Firmware, Firepower Appliance 8270 Firmware, Ngips Virtual Appliance, Firepower Appliance 8390 Firmware, Firepower Management Center 4500 Firmware, Firepower Appliance 8250 Firmware, Firesight Management Center 750 Firmware, Firepower Appliance 8370 Firmware, Firepower Appliance 7120 Firmware, Firepower Appliance 7010 Firmware, Firepower Management Center 4000 Firmware, Firepower Appliance 8290 Firmware, Firesight Management Center 1500 Firmware, Firepower Management Center 1000 Firmware, Firesight Management Center 3500 Firmware, Firepower Appliance 7125 Firmware, Firepower Appliance 7020 Firmware, Firepower Appliance 7030 Firmware, Firepower Appliance 7110 Firmware, Firepower Management Center 2000 Firmware, Firepower Management Center Virtual Appliance, Firepower Appliance 7115 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8360 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Management Center 2500 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8120 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8260 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7050 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8130 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8140 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8350 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Amp 8150 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Amp 7150 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8270 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8390 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Management Center 4500 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8250 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firesight Management Center 750 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8370 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7120 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7010 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Management Center 4000 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 8290 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firesight Management Center 1500 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Management Center 1000 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firesight Management Center 3500 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7125 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7020 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7030 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7110 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Management Center 2000 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0.1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower Appliance 7115 | All versions |
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.