A vulnerability in the Cisco Firepower 9000 Series Switch which could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3

Leave a Reply