CVE-2014-7996

Опубликовано: 18 нояб. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

Ссылки

http://secunia.com/advisories/62565
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=36456
Vendor Advisory
http://www.securityfocus.com/bid/71171
https://exchange.xforce.ibmcloud.com/vulnerabilities/98769
http://secunia.com/advisories/62565
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=36456
Vendor Advisory
http://www.securityfocus.com/bid/71171
https://exchange.xforce.ibmcloud.com/vulnerabilities/98769

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00174

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gcrc-7xmw-xj93

github

больше 3 лет назад