CSRF in Cisco Firepower_extensible_operating_system

CVE-2015-6373

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Firepower_extensible_operating_system — versions 1.1\(1.160\)
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

20151117 Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)