CVE-2018-0365
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.
EPSS 0.19% · 41.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | firepower_appliance_8120_firmware | 6.0.1, 6.2.3, 6.2.2 |
| cisco | secure_firewall_management_center | 6.2.3, 6.2.2, 6.2.1 |
| cisco | firepower_appliance_7120_firmware | 6.1.0, 6.2.0, 6.2.1 |
| cisco | firepower_management_center_2500_firmware | 6.0.1, 6.1.0, 6.2.0 |
| cisco | firepower_appliance_8290_firmware | 6.2.2, 6.2.1, 6.0.1 |
| cisco | firepower_appliance_8260_firmware | 6.2.2, 6.0.1, 6.1.0 |
| cisco | firepower_appliance_8390_firmware | 6.1.0, 6.2.2, 6.2.3 |
| cisco | firepower_appliance_7115_firmware | 6.2.2, 6.0.1, 6.2.0 |
| cisco | firesight_management_center_750_firmware | 6.2.0, 6.2.1, 6.2.2 |
| cisco | firepower_appliance_7030_firmware | 6.1.0, 6.2.0, 6.2.1 |
| cisco | firepower_appliance_7020_firmware | 6.2.0, 6.2.1, 6.2.2 |
| cisco | ngips_virtual_appliance | 6.2.0, 6.2.1, 6.2.2 |
| cisco | firepower_appliance_7125_firmware | 6.2.1, 6.0.1, 6.1.0 |
| cisco | firepower_management_center_virtual_appliance | 6.2.2, 6.2.0, 6.2.1 |
| n/a | Cisco Firepower Management Center unknown | Cisco Firepower Management Center unknown |
| cisco | firepower_appliance_8270_firmware | 6.0.1, 6.1.0, 6.2.0 |
| cisco | firepower_appliance_8370_firmware | 6.2.3, 6.0.1, 6.1.0 |
| cisco | firepower_management_center_4000_firmware | 6.0.1, 6.2.3, 6.2.2 |
| cisco | firepower_appliance_8140_firmware | 6.1.0, 6.2.3, 6.2.2 |
| cisco | amp_7150_firmware | 6.1.0, 6.2.3, 6.2.2 |
…and 13 more
Timeline
- Jun 20, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score