ID
VAR-E-201705-0077
CVE
| cve_id: | CVE-2017-6634 | Trust: 0.3 |
TITLE
Cisco Industrial Ethernet 1000 Series Switches Cross Site Request Forgery Vulnerability
Trust: 0.3
DESCRIPTION
Cisco Industrial Ethernet 1000 Series Switches are prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible.
This issue is being tracked by Cisco bug ID CSCvc88811.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cisco | model: | industrial ethernet series switches | scope: | eq | version: | 10000 | Trust: 0.3 |
EXPLOIT
To exploit the issue an attacker must entice a user into visiting a malicious site.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Cisco
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6634 | Trust: 0.3 |
| db: | BID | id: | 98524 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-ie1000csrf | Trust: 0.3 |
SOURCES
| db: | BID | id: | 98524 |
LAST UPDATE DATE
2022-07-27T09:49:23.585000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 98524 | date: | 2017-05-17T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 98524 | date: | 2017-05-17T00:00:00 |