Description
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3267
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=34325
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030271
Scores
EPSS
0.0121
EPSS Percentile
64.9%
Details
CWE
CWE-352
Status
published
Products (8)
cisco/security_manager
4.0 (2 CPE variants)
cisco/security_manager
4.0.1 (3 CPE variants)
cisco/security_manager
4.1 (3 CPE variants)
cisco/security_manager
4.2 (2 CPE variants)
cisco/security_manager
4.3 (3 CPE variants)
cisco/security_manager
4.4 (3 CPE variants)
cisco/security_manager
4.5
cisco/security_manager
< 4.6
Published
May 26, 2014
Tracked Since
Feb 18, 2026