Users are advised to immediately log out of web applications when they have completed their session.
Users are advised not to save usernames and passwords in their browsers.
Users are advised not to access sensitive applications and the internet within the same browser session.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
For additional information about cross-site request forgery attacks and potential methods of mitigation, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vectors
Administrators are advised to monitor affected systems.