CVE-2015-0700

Cisco Secure Access Control Server Solution Engine - Cross-Site Request Forgery in Dashboard Page

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032163
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=38403

Scores

EPSS 0.0145
EPSS Percentile 70.1%

Details

CWE
CWE-352
Status published
Products (3)
cisco/secure_access_control_server_solution_engine 5.4.0.46.6
cisco/secure_access_control_server_solution_engine 5.5.0.36
cisco/secure_access_control_server_solution_engine 5.5.0.46.4
Published Apr 17, 2015
Tracked Since Feb 18, 2026