Vulnerability Details CVE-2018-0107
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/102719
- http://www.securitytracker.com/id/1040244
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc
- http://www.securityfocus.com/bid/102719
- http://www.securitytracker.com/id/1040244
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc
Products affected by CVE-2018-0107
-
cpe:2.3:a:cisco:prime_service_catalog:-
-
cpe:2.3:a:cisco:prime_service_catalog:10.0(r2)_base
-
cpe:2.3:a:cisco:prime_service_catalog:10.0_base
-
cpe:2.3:a:cisco:prime_service_catalog:10.1
-
cpe:2.3:a:cisco:prime_service_catalog:10.1_base
-
cpe:2.3:a:cisco:prime_service_catalog:11.0
-
cpe:2.3:a:cisco:prime_service_catalog:11.0_base
-
cpe:2.3:a:cisco:prime_service_catalog:11.1
-
cpe:2.3:a:cisco:prime_service_catalog:11.1.1
-
cpe:2.3:a:cisco:prime_service_catalog:11.1.2
-
cpe:2.3:a:cisco:prime_service_catalog:11.1_base
-
cpe:2.3:a:cisco:prime_service_catalog:12.0
-
cpe:2.3:a:cisco:prime_service_catalog:12.1
-
cpe:2.3:a:cisco:prime_service_catalog:9.4.1_vortex