cisco-sa-20151117-firepower3

Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability

cisco-sa-20151117-firepower3 · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in the Cisco Firepower 9000 Series Switch which could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3

Cisco advisory ·CSAF JSON

Workarounds

Workarounds are not available.

CVEs	CVE-2015-6373
Cisco Bug IDs	CSCux10611
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source	Cisco Firepower Extensible Operating System, Firepower Extensible Operating System

Related Products

Product	CVE	Evidence
Firepower Extensible Operating System	CVE-2015-6373	Cisco OpenVuln
Cisco Firepower Extensible Operating System	CVE-2015-6373	Cisco OpenVuln
Cisco Firepower 9000 Series	CVE-2015-6373	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability

Workarounds

Related Products