CVE-2017-6634

Name of the Vulnerable Software and Affected Versions Cisco Industrial Ethernet 1000 Series Switches version 1.3

Description A vulnerability in the Device Manager web interface could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The issue is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this by persuading a user to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface with the privileges of the user.

Recommendations For Cisco Industrial Ethernet 1000 Series Switches version 1.3, consider disabling access to the Device Manager web interface until a patch is available to prevent potential CSRF attacks. Restrict access to the interface to minimize the risk of exploitation. Avoid using the Device Manager web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.