HomePentest-Tools.com Logo

Cisco Webex Meetings Server Cross-Site Request Forgery Vulnerability CVE-2017-3794

Severity
CVSSv3 Score
8.8
Vulnerability description

A vulnerability in Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.

Risk description

The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow an attacker to submit arbitrary requests to the affected device via the Administration pages with the privileges of the user.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 26, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available