Cisco Webex Meetings Server Cross-Site Request Forgery Vulnerability CVE-2017-3794
- CVSSv3 Score
- Vulnerability description
A vulnerability in Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.
- Risk description
The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Administration pages with the privileges of the user.
See the referenced vendor advisory for a solution.
- Not available