| Cisco Headend Digital Broadband Delivery System Input Validation Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks |
| SecurityTracker Alert ID: 1032446 |
| SecurityTracker URL: http://securitytracker.com/id/1032446 |
| CVE Reference: (Links to External Site) |
| Date: Jun 2 2015 |
| Impact: |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): dncs-7.0.0.12 |
| Description: A vulnerability was reported in Cisco Headend Digital Broadband Delivery System. A remote user can conduct cross-site request forgery attacks. A remote user can create specially crafted HTML that, when loaded by a target authenticated user, will cause commands to be executed on the target site acting as the target user. The vendor has assigned bug ID CSCur25585 to this vulnerability. |
| Impact: A remote user can take actions on the site acting as the target user. |
| Solution: The vendor has issued a fix. The vendor's advisory is available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=39133 |
| Vendor URL: (Links to External Site) |
| Cause: |
| Underlying OS: |
| |
| Message History: None. |