First published: Thu Jan 18 2018(Updated: )
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Prime Service Catalog |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of the Cisco Prime Service Catalog vulnerability is CVE-2018-0107.
CVE-2018-0107 has a severity rating of 8.8 (high).
The affected software of CVE-2018-0107 is Cisco Prime Service Catalog.
An attacker can exploit CVE-2018-0107 by exploiting a lack of cross-site request forgery (CSRF) protection in the web framework of Cisco Prime Service Catalog.
You can find more information about CVE-2018-0107 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102719), [Security Tracker](http://www.securitytracker.com/id/1040244), [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc).