CSRF in Cisco Identity_services_engine_software
CVE-2015-4267
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary u…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine_software — versions 1.2\(0.793\), 1.3\(0.876\), 1.4\(0.181\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 1032929 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20150715 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)