CVE-2017-6634
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-05-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/98524 | Third Party Advisory | |
http://www.securitytracker.com/id/1038517 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Industrial Ethernet 1000 Series Firmware | 1.3_base | - | Affected | in | Cisco | Ie-1000-4p2s-lm | - | - | Safe |
Cisco | Industrial Ethernet 1000 Series Firmware | 1.3_base | - | Affected | in | Cisco | Ie-1000-4t1t-lm | - | - | Safe |
Cisco | Industrial Ethernet 1000 Series Firmware | 1.3_base | - | Affected | in | Cisco | Ie-1000-6t2t-lm | - | - | Safe |
Cisco | Industrial Ethernet 1000 Series Firmware | 1.3_base | - | Affected | in | Cisco | Ie-1000-8p2s-lm | - | - | Safe |