
Vulnerability of Cisco Prime Central for HCS: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Cisco Prime Central for HCS, in order to force the victim to perform operations.
Severity of this bulletin: 2/4.
Creation date: 21/05/2015.
References of this threat: 38927, cisco-sa-20160629-pi-epnm, CSCut04596, CSCuw95626, CSCva27600, CVE-2015-0741, VIGILANCE-VUL-16953.

Description of the vulnerability

The Cisco Prime Central for HCS product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Cisco Prime Central for HCS, in order to force the victim to perform operations.
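
The missing check described above can be illustrated server-side. The following is an added example, not code from the bulletin or from Cisco's fix: it rejects state-changing requests sent with GET (the only method an image tag can issue) and requires the Origin or Referer header to match a trusted origin. The function names and the `example.test` hostnames are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Methods a browser can issue from passive content such as <img src=...>.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Hypothetical origin of the management web interface (constructed value).
TRUSTED = {"https://prime.example.test"}


def request_origin(headers):
    """Return scheme://host[:port] claimed by the browser, or None."""
    h = {k.lower(): v for k, v in headers.items()}
    # Origin wins when present; Referer is only a fallback.
    value = h["origin"] if "origin" in h else h.get("referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # covers "Origin: null" and malformed values
    return f"{parts.scheme}://{parts.netloc}".lower()


def allow_request(method, headers, trusted_origins, changes_state):
    """Decide whether a request may reach its handler.

    changes_state is True when the handler modifies data or configuration.
    """
    if not changes_state:
        return True
    # An image included in an HTML document always produces a GET, so
    # operations must never be reachable through a safe method.
    if method.upper() in SAFE_METHODS:
        return False
    # The check the bulletin says is missing: where did the query come from?
    origin = request_origin(headers)
    return origin is not None and origin in trusted_origins


if __name__ == "__main__":
    # Constructed sample requests: (method, headers)
    samples = [
        ("GET", {"Referer": "https://other-site.example.test/page.html"}),
        ("POST", {"Origin": "https://other-site.example.test"}),
        ("POST", {"Origin": "https://prime.example.test"}),
        ("POST", {}),
    ]
    for method, headers in samples:
        print(method, headers, "->", allow_request(method, headers, TRUSTED, True))
```

An origin check of this kind is normally combined with a per-session anti-CSRF token, since some clients and proxies strip both headers.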

This cybersecurity alert impacts software or systems such as Cisco Prime Central for HCS, Prime Infrastructure.

Our Vigil@nce team determined that the severity of this weakness is medium.

The trust level is "confirmed by the editor", and the origin is "internet client".

An attacker with expert ability can exploit this security weakness.

Solutions for this threat

Cisco Prime Central for HCS: solution CSCut04596.
The solution CSCut04596 is available:
  https://tools.cisco.com/bugsearch/bug/CSCut04596

Cisco Prime Central for HCS: solution CSCuw95626.
The solution CSCuw95626 is available:
  https://tools.cisco.com/bugsearch/bug/CSCuw95626
  https://tools.cisco.com/quickview/bug/CSCuw95626

Cisco Prime Central for HCS: solution CSCva27600.
The solution CSCva27600 is available:
  https://tools.cisco.com/bugsearch/bug/CSCva27600
  https://tools.cisco.com/quickview/bug/CSCva27600

Cisco Prime Infrastructure: solutions CSCuz01488, CSCuz01495.
The solutions CSCuz01488 and CSCuz01495 are available:
  https://tools.cisco.com/bugsearch/bug/CSCuz01488
  https://tools.cisco.com/quickview/bug/CSCuz01488
  https://tools.cisco.com/bugsearch/bug/CSCuz01495
  https://tools.cisco.com/quickview/bug/CSCuz01495