Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
Max CVSS
8.3
EPSS Score
0.21%
Published
2013-12-10
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
Max CVSS
6.8
EPSS Score
0.48%
Published
2013-12-19
Updated
2016-09-15
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
Max CVSS
6.8
EPSS Score
0.15%
Published
2013-12-14
Updated
2016-09-16
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-09-16
Updated
2013-10-18
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
Max CVSS
6.8
EPSS Score
0.16%
Published
2013-09-05
Updated
2013-09-12
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-08-29
Updated
2016-11-04
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-08-05
Updated
2013-08-05
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-08-05
Updated
2013-08-05
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177.
Max CVSS
6.8
EPSS Score
0.10%
Published
2013-07-12
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-07-18
Updated
2013-07-18
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-06-26
Updated
2013-10-11
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-07-02
Updated
2018-10-30
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355.
Max CVSS
4.3
EPSS Score
0.08%
Published
2013-06-21
Updated
2013-06-24
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-03-07
Updated
2013-03-08
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.11%
Published
2013-02-15
Updated
2013-02-18
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-02-06
Updated
2013-02-07
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
Max CVSS
6.8
EPSS Score
0.09%
Published
2013-01-17
Updated
2013-02-02
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
Max CVSS
6.8
EPSS Score
0.17%
Published
2013-10-05
Updated
2017-08-29
18 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!