CVE-2018-15402

Name of the Vulnerable Software and Affected Versions Cisco Enterprise NFV Infrastructure Software (affected versions not specified)

Description A vulnerability in the software could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. This is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this by convincing a targeted user to follow a URL to a malicious website, potentially allowing the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.