Vulnslist

Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability

Cisco-SA-20140507-CVE-2014-2190 · Medium · Published 12 years ago · Updated 12 years ago

A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading an authenticated user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to make changes to the Cisco BAC-TW on behalf of the user. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Related Products