A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103946 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1 | Vendor Advisory |
http://www.securityfocus.com/bid/103946 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/103946 - Third Party Advisory, VDB Entry | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1 - Vendor Advisory |
Information
Published : 2018-04-19 20:29
Updated : 2024-11-21 03:37
NVD link : CVE-2018-0260
Mitre link : CVE-2018-0260
CVE.ORG link : CVE-2018-0260
JSON object : View
Products Affected
cisco
- mate_live
CWE
CWE-20
Improper Input Validation