VDB-124838 · CVE-2018-0439 · BID 105287

Cisco Meeting Server Web-based Management Interface cross-site request forgery

A vulnerability was found in Cisco Meeting Server (Unified Communication Software) (affected version not known). It has been rated as problematic. Affected by this issue is an unknown function of the component Web-based Management Interface. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

150
014

Field

source_securityfocus_class1
source_securityfocus_date1
vulnerability_discoverydate1
vulnerability_cvss3_nvd_basescore1
exploit_0day_days1

Commit Conf

100%56
90%8

Approve Conf

100%56
90%8
IDCommitedUserFieldChangeRemarksAcceptedReasonC
834746903/30/2020VulD...securityfocus_classDesign Errorsecurityfocus.com03/30/2020accepted
100
834746803/30/2020VulD...securityfocus_date1536105600 (09/05/2018)securityfocus.com03/30/2020accepted
100
834741903/30/2020VulD...discoverydate153610560003/30/2020accepted
100
834747810/06/2018VulD...cvss3_nvd_basescore8.8nist.gov10/06/2018accepted
90
834747710/06/2018VulD...0day_days3010/06/2018accepted
90
834747610/06/2018VulD...cvss3_vuldb_rcCsee CVSS documentation10/06/2018accepted
90
834747510/06/2018VulD...cvss3_vuldb_rlOsee CVSS documentation10/06/2018accepted
90
834747410/06/2018VulD...cvss3_vuldb_eXsee CVSS documentation10/06/2018accepted
90
834747310/06/2018VulD...cvss2_vuldb_rcCsee CVSS documentation10/06/2018accepted
90
834747210/06/2018VulD...cvss2_vuldb_rlOFsee CVSS documentation10/06/2018accepted
90
834747110/06/2018VulD...cvss2_vuldb_eNDsee CVSS documentation10/06/2018accepted
90
834747010/06/2018VulD...securityfocus_titleCisco Meeting Server CVE-2018-0439 Cross Site Request Forgery Vulnerabilitysecurityfocus.com10/06/2018accepted
100
834746710/06/2018VulD...securityfocus105287securityfocus.com10/06/2018accepted
100
834746610/06/2018VulD...cve_nvd_summaryA vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.cve.org10/06/2018accepted
100
834746510/06/2018VulD...cve_nvd_published1538697600cve.org10/06/2018accepted
100
834746410/06/2018VulD...cve_assigned1511733600 (11/26/2017)cve.org10/06/2018accepted
100
834746310/06/2018VulD...cveCVE-2018-0439cve.org10/06/2018accepted
100
834746210/06/2018VulD...nameUpgrade10/06/2018accepted
100
834746110/06/2018VulD...price_0day$5k-$25ksee exploit price documentation10/06/2018accepted
100
834746010/06/2018VulD...identifiercisco-sa-20180905-meeting-csrf10/06/2018accepted
100

44 more entries are not shown

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!