CVE-2017-6756

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning Tool versions prior to 12.2

Description A lack of defense against cross-site request forgery (CSRF) attacks in the Web UI Application could allow an unauthenticated, remote attacker to execute unwanted actions by forcing the user's browser to perform any action authorized for that user.

Recommendations For versions prior to 12.2, update to a version that includes the fix for Cisco Bug ID CSCvc90280 to prevent cross-site request forgery (CSRF) attacks. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.