CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CSRF)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3305 352 CSRF 2014-07-26 2014-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.
2 CVE-2014-3267 352 CSRF 2014-05-25 2014-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
3 CVE-2014-2190 352 CSRF 2014-05-07 2014-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.
4 CVE-2014-2186 352 CSRF 2014-04-30 2014-04-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.
5 CVE-2014-2115 352 CSRF 2014-04-04 2014-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
6 CVE-2014-0745 352 CSRF 2014-02-26 2014-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
7 CVE-2014-0740 352 CSRF 2014-02-26 2014-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
8 CVE-2014-0736 352 CSRF 2014-02-20 2014-02-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
9 CVE-2013-7043 352 1 CSRF 2013-12-10 2013-12-19
8.3
None Remote Medium Not required Partial Partial Complete
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
10 CVE-2013-6976 352 1 CSRF 2013-12-19 2014-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
11 CVE-2013-6710 352 CSRF 2013-12-14 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
12 CVE-2013-5494 352 CSRF 2013-09-16 2013-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
13 CVE-2013-5471 352 CSRF 2013-09-04 2013-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
14 CVE-2013-3472 352 CSRF 2013-08-29 2013-09-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
15 CVE-2013-3451 352 CSRF 2013-08-05 2013-08-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
16 CVE-2013-3450 352 CSRF 2013-08-05 2013-08-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
17 CVE-2013-3424 352 CSRF 2013-07-12 2013-08-25
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177.
18 CVE-2013-3420 352 CSRF 2013-07-18 2013-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
19 CVE-2013-3397 352 CSRF 2013-06-26 2013-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
20 CVE-2013-3395 352 CSRF 2013-07-01 2013-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
21 CVE-2013-3392 352 CSRF 2013-06-21 2013-06-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355.
22 CVE-2013-3068 352 CSRF 2014-09-29 2014-09-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
23 CVE-2013-1128 352 CSRF 2013-02-15 2013-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.
24 CVE-2013-1120 352 CSRF 2013-02-06 2013-02-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
25 CVE-2013-1109 352 CSRF 2013-01-17 2013-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
26 CVE-2012-5992 352 XSS CSRF 2012-12-19 2013-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
27 CVE-2012-4084 352 CSRF 2013-10-05 2013-10-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
28 CVE-2012-3908 352 CSRF 2012-09-16 2013-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
29 CVE-2011-4005 352 Exec Code CSRF 2011-11-03 2011-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
30 CVE-2011-3293 352 XSS CSRF 2012-05-02 2012-06-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
31 CVE-2011-2544 79 1 DoS XSS CSRF 2011-09-23 2012-02-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
32 CVE-2010-2025 352 CSRF 2010-05-26 2010-05-27
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
33 CVE-2009-2073 352 CSRF 2009-06-15 2010-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.
34 CVE-2009-1561 352 1 CSRF 2009-05-06 2009-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
35 CVE-2009-0471 352 Exec Code CSRF 2009-02-06 2009-02-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
36 CVE-2009-0056 352 Exec Code CSRF 2009-01-16 2009-02-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
37 CVE-2009-0055 352 CSRF 2009-01-16 2009-02-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
38 CVE-2008-4128 352 2 Exec Code CSRF 2008-09-18 2008-09-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.