Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)

medium Nessus Plugin ID 83183

Synopsis

The remote device is affected by a cross-site request forgery vulnerability.

Description

A vulnerability in the web framework of the Cisco Unified Computing System Integrated Management Controller can allow an unauthenticated, remote attacker to perform a cross-site request forgery attack.

Solution

Contact the vendor for a fix or workaround. Also, refer to Cisco bug ID CSCuq45477 for patches that might possibly be available.

See Also

http://www.nessus.org/u?e45e7335

Plugin Details

Severity: Medium

ID: 83183

File Name: cisco-sn-CVE-2014-7996-ucs.nasl

Version: 1.4

Type: remote

Family: CISCO

Published: 5/1/2015

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/h:cisco:unified_computing_system

Required KB Items: installed_sw/cisco_ucs_manager

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2014

Vulnerability Publication Date: 11/18/2014

Reference Information

CVE: CVE-2014-7996

BID: 71171

CISCO-BUG-ID: CSCuq45477