First published: Thu Jan 24 2019
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Intelligence Center | =11.6(1) | |
CVE-2019-1658 is a vulnerability in the web-based management interface of Cisco Unified Intelligence Center that allows an unauthenticated attacker to perform arbitrary actions on an affected device.
CVE-2019-1658 has a severity level of 7.4, which is considered high.
CVE-2019-1658 works by exploiting insufficient CSRF protection in Cisco Unified Intelligence Center's web-based management interface, allowing an attacker to conduct cross-site request forgery attacks.
CVE-2019-1658 can be exploited by an unauthenticated remote attacker through a cross-site request forgery (CSRF) attack on the web-based management interface of Cisco Unified Intelligence Center.
Yes, Cisco has provided a security advisory with recommended mitigations and software updates to address CVE-2019-1658.