CVE-2018-15445

Name of the Vulnerable Software and Affected Versions Cisco Energy Management Suite Software (affected versions not specified)

Description The issue is related to insufficient CSRF protections in the web-based management interface, allowing an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. This could enable the attacker to perform arbitrary actions on an affected device by persuading an authenticated user to follow a crafted link. The exploit could allow the attacker to act with the privileges of the user, via a web browser.

Recommendations For Cisco Energy Management Suite Software, consider implementing additional CSRF protections for the web-based management interface to prevent exploitation. As a temporary workaround, restrict access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with untrusted or unknown links to prevent potential CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.