CVE-2018-0365

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
ciscosecure_firewall_management_center
6.0.1
ciscosecure_firewall_management_center
6.1.0
ciscosecure_firewall_management_center
6.2.0
ciscosecure_firewall_management_center
6.2.1
ciscosecure_firewall_management_center
6.2.2
ciscosecure_firewall_management_center
6.2.3
ciscofirepower_appliance_8360_firmware
6.0.1
ciscofirepower_appliance_8360_firmware
6.1.0
ciscofirepower_appliance_8360_firmware
6.2.0
ciscofirepower_appliance_8360_firmware
6.2.1
ciscofirepower_appliance_8360_firmware
6.2.2
ciscofirepower_appliance_8360_firmware
6.2.3
ciscofirepower_management_center_2500_firmware
6.0.1
ciscofirepower_management_center_2500_firmware
6.1.0
ciscofirepower_management_center_2500_firmware
6.2.0
ciscofirepower_management_center_2500_firmware
6.2.1
ciscofirepower_management_center_2500_firmware
6.2.2
ciscofirepower_management_center_2500_firmware
6.2.3
ciscofirepower_appliance_8120_firmware
6.0.1
ciscofirepower_appliance_8120_firmware
6.1.0
ciscofirepower_appliance_8120_firmware
6.2.0
ciscofirepower_appliance_8120_firmware
6.2.1
ciscofirepower_appliance_8120_firmware
6.2.2
ciscofirepower_appliance_8120_firmware
6.2.3
ciscofirepower_appliance_8260_firmware
6.0.1
ciscofirepower_appliance_8260_firmware
6.1.0
ciscofirepower_appliance_8260_firmware
6.2.0
ciscofirepower_appliance_8260_firmware
6.2.1
ciscofirepower_appliance_8260_firmware
6.2.2
ciscofirepower_appliance_8260_firmware
6.2.3
ciscofirepower_appliance_7050_firmware
6.0.1
ciscofirepower_appliance_7050_firmware
6.1.0
ciscofirepower_appliance_7050_firmware
6.2.0
ciscofirepower_appliance_7050_firmware
6.2.1
ciscofirepower_appliance_7050_firmware
6.2.2
ciscofirepower_appliance_7050_firmware
6.2.3
ciscofirepower_appliance_8130_firmware
6.0.1
ciscofirepower_appliance_8130_firmware
6.1.0
ciscofirepower_appliance_8130_firmware
6.2.0
ciscofirepower_appliance_8130_firmware
6.2.1
ciscofirepower_appliance_8130_firmware
6.2.2
ciscofirepower_appliance_8130_firmware
6.2.3
ciscofirepower_appliance_8140_firmware
6.0.1
ciscofirepower_appliance_8140_firmware
6.1.0
ciscofirepower_appliance_8140_firmware
6.2.0
ciscofirepower_appliance_8140_firmware
6.2.1
ciscofirepower_appliance_8140_firmware
6.2.2
ciscofirepower_appliance_8140_firmware
6.2.3
ciscofirepower_appliance_8350_firmware
6.0.1
ciscofirepower_appliance_8350_firmware
6.1.0
ciscofirepower_appliance_8350_firmware
6.2.0
ciscofirepower_appliance_8350_firmware
6.2.1
ciscofirepower_appliance_8350_firmware
6.2.2
ciscofirepower_appliance_8350_firmware
6.2.3
ciscoamp_8150_firmware
6.0.1
ciscoamp_8150_firmware
6.1.0
ciscoamp_8150_firmware
6.2.0
ciscoamp_8150_firmware
6.2.1
ciscoamp_8150_firmware
6.2.2
ciscoamp_8150_firmware
6.2.3
ciscoamp_7150_firmware
6.0.1
ciscoamp_7150_firmware
6.1.0
ciscoamp_7150_firmware
6.2.0
ciscoamp_7150_firmware
6.2.1
ciscoamp_7150_firmware
6.2.2
ciscoamp_7150_firmware
6.2.3
ciscofirepower_appliance_8270_firmware
6.0.1
ciscofirepower_appliance_8270_firmware
6.1.0
ciscofirepower_appliance_8270_firmware
6.2.0
ciscofirepower_appliance_8270_firmware
6.2.1
ciscofirepower_appliance_8270_firmware
6.2.2
ciscofirepower_appliance_8270_firmware
6.2.3
ciscongips_virtual_appliance
6.0.1
ciscongips_virtual_appliance
6.1.0
ciscongips_virtual_appliance
6.2.0
ciscongips_virtual_appliance
6.2.1
ciscongips_virtual_appliance
6.2.2
ciscongips_virtual_appliance
6.2.3
ciscofirepower_appliance_8390_firmware
6.0.1
ciscofirepower_appliance_8390_firmware
6.1.0
ciscofirepower_appliance_8390_firmware
6.2.0
ciscofirepower_appliance_8390_firmware
6.2.1
ciscofirepower_appliance_8390_firmware
6.2.2
ciscofirepower_appliance_8390_firmware
6.2.3
ciscofirepower_management_center_4500_firmware
6.0.1
ciscofirepower_management_center_4500_firmware
6.1.0
ciscofirepower_management_center_4500_firmware
6.2.0
ciscofirepower_management_center_4500_firmware
6.2.1
ciscofirepower_management_center_4500_firmware
6.2.2
ciscofirepower_management_center_4500_firmware
6.2.3
ciscofirepower_appliance_8250_firmware
6.0.1
ciscofirepower_appliance_8250_firmware
6.1.0
ciscofirepower_appliance_8250_firmware
6.2.0
ciscofirepower_appliance_8250_firmware
6.2.1
ciscofirepower_appliance_8250_firmware
6.2.2
ciscofirepower_appliance_8250_firmware
6.2.3
ciscofiresight_management_center_750_firmware
6.0.1
ciscofiresight_management_center_750_firmware
6.1.0
ciscofiresight_management_center_750_firmware
6.2.0
ciscofiresight_management_center_750_firmware
6.2.1
ciscofiresight_management_center_750_firmware
6.2.2
ciscofiresight_management_center_750_firmware
6.2.3
ciscofirepower_appliance_8370_firmware
6.0.1
ciscofirepower_appliance_8370_firmware
6.1.0
ciscofirepower_appliance_8370_firmware
6.2.0
ciscofirepower_appliance_8370_firmware
6.2.1
ciscofirepower_appliance_8370_firmware
6.2.2
ciscofirepower_appliance_8370_firmware
6.2.3
ciscofirepower_appliance_7120_firmware
6.0.1
ciscofirepower_appliance_7120_firmware
6.1.0
ciscofirepower_appliance_7120_firmware
6.2.0
ciscofirepower_appliance_7120_firmware
6.2.1
ciscofirepower_appliance_7120_firmware
6.2.2
ciscofirepower_appliance_7120_firmware
6.2.3
ciscofirepower_appliance_7010_firmware
6.0.1
ciscofirepower_appliance_7010_firmware
6.1.0
ciscofirepower_appliance_7010_firmware
6.2.0
ciscofirepower_appliance_7010_firmware
6.2.1
ciscofirepower_appliance_7010_firmware
6.2.2
ciscofirepower_appliance_7010_firmware
6.2.3
ciscofirepower_management_center_4000_firmware
6.0.1
ciscofirepower_management_center_4000_firmware
6.1.0
ciscofirepower_management_center_4000_firmware
6.2.0
ciscofirepower_management_center_4000_firmware
6.2.1
ciscofirepower_management_center_4000_firmware
6.2.2
ciscofirepower_management_center_4000_firmware
6.2.3
ciscofirepower_appliance_8290_firmware
6.0.1
ciscofirepower_appliance_8290_firmware
6.1.0
ciscofirepower_appliance_8290_firmware
6.2.0
ciscofirepower_appliance_8290_firmware
6.2.1
ciscofirepower_appliance_8290_firmware
6.2.2
ciscofirepower_appliance_8290_firmware
6.2.3
ciscofiresight_management_center_1500_firmware
6.0.1
ciscofiresight_management_center_1500_firmware
6.1.0
ciscofiresight_management_center_1500_firmware
6.2.0
ciscofiresight_management_center_1500_firmware
6.2.1
ciscofiresight_management_center_1500_firmware
6.2.2
ciscofiresight_management_center_1500_firmware
6.2.3
ciscofirepower_management_center_1000_firmware
6.0.1
ciscofirepower_management_center_1000_firmware
6.1.0
ciscofirepower_management_center_1000_firmware
6.2.0
ciscofirepower_management_center_1000_firmware
6.2.1
ciscofirepower_management_center_1000_firmware
6.2.2
ciscofirepower_management_center_1000_firmware
6.2.3
ciscofiresight_management_center_3500_firmware
6.0.1
ciscofiresight_management_center_3500_firmware
6.1.0
ciscofiresight_management_center_3500_firmware
6.2.0
ciscofiresight_management_center_3500_firmware
6.2.1
ciscofiresight_management_center_3500_firmware
6.2.2
ciscofiresight_management_center_3500_firmware
6.2.3
ciscofirepower_appliance_7125_firmware
6.0.1
ciscofirepower_appliance_7125_firmware
6.1.0
ciscofirepower_appliance_7125_firmware
6.2.0
ciscofirepower_appliance_7125_firmware
6.2.1
ciscofirepower_appliance_7125_firmware
6.2.2
ciscofirepower_appliance_7125_firmware
6.2.3
ciscofirepower_appliance_7020_firmware
6.0.1
ciscofirepower_appliance_7020_firmware
6.1.0
ciscofirepower_appliance_7020_firmware
6.2.0
ciscofirepower_appliance_7020_firmware
6.2.1
ciscofirepower_appliance_7020_firmware
6.2.2
ciscofirepower_appliance_7020_firmware
6.2.3
ciscofirepower_appliance_7030_firmware
6.0.1
ciscofirepower_appliance_7030_firmware
6.1.0
ciscofirepower_appliance_7030_firmware
6.2.0
ciscofirepower_appliance_7030_firmware
6.2.1
ciscofirepower_appliance_7030_firmware
6.2.2
ciscofirepower_appliance_7030_firmware
6.2.3
ciscofirepower_appliance_7110_firmware
6.0.1
ciscofirepower_appliance_7110_firmware
6.1.0
ciscofirepower_appliance_7110_firmware
6.2.0
ciscofirepower_appliance_7110_firmware
6.2.1
ciscofirepower_appliance_7110_firmware
6.2.2
ciscofirepower_appliance_7110_firmware
6.2.3
ciscofirepower_management_center_2000_firmware
6.0.1
ciscofirepower_management_center_2000_firmware
6.1.0
ciscofirepower_management_center_2000_firmware
6.2.0
ciscofirepower_management_center_2000_firmware
6.2.1
ciscofirepower_management_center_2000_firmware
6.2.2
ciscofirepower_management_center_2000_firmware
6.2.3
ciscofirepower_management_center_virtual_appliance
6.0.1
ciscofirepower_management_center_virtual_appliance
6.1.0
ciscofirepower_management_center_virtual_appliance
6.2.0
ciscofirepower_management_center_virtual_appliance
6.2.1
ciscofirepower_management_center_virtual_appliance
6.2.2
ciscofirepower_management_center_virtual_appliance
6.2.3
ciscofirepower_appliance_7115_firmware
6.0.1
ciscofirepower_appliance_7115_firmware
6.1.0
ciscofirepower_appliance_7115_firmware
6.2.0
ciscofirepower_appliance_7115_firmware
6.2.1
ciscofirepower_appliance_7115_firmware
6.2.2
ciscofirepower_appliance_7115_firmware
6.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104519
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf
http://www.securityfocus.com/bid/104519
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf