ID

VAR-201411-0248


CVE

CVE-2014-7996


TITLE

Cross-site request forgery vulnerability in the web framework of Cisco Integrated Management Controller in Cisco Unified Computing System

Trust: 0.8

sources: JVNDB: JVNDB-2014-005538

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq45477. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. This issue is being tracked by Cisco bug ID CSCuq45477. Cisco Unified Computing System (UCS) is a unified computing system from Cisco. Cisco Integrated Management Controller (IMC) is its set of management tools; it supports access over HTTP, SSH, etc., and can perform operations such as starting, shutting down and restarting the server.

Trust: 1.98

sources: NVD: CVE-2014-7996 // JVNDB: JVNDB-2014-005538 // BID: 71171 // VULHUB: VHN-75941

AFFECTED PRODUCTS

vendor: cisco, model: unified computing system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified computing system, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified computing system central software, scope: lte, version: 3.0(1.c)

Trust: 0.8

vendor: cisco, model: unified computing system, scope: eq, version: 0

Trust: 0.3

sources: BID: 71171 // JVNDB: JVNDB-2014-005538 // CNNVD: CNNVD-201411-320 // NVD: CVE-2014-7996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7996
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-7996
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201411-320
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75941
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-7996
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75941
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75941 // JVNDB: JVNDB-2014-005538 // CNNVD: CNNVD-201411-320 // NVD: CVE-2014-7996

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-75941 // JVNDB: JVNDB-2014-005538 // NVD: CVE-2014-7996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-320

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201411-320

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005538

PATCH

title: Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996

Trust: 0.8

title: 36456, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=36456

Trust: 0.8

sources: JVNDB: JVNDB-2014-005538

EXTERNAL IDS

db: NVD, id: CVE-2014-7996

Trust: 2.8

db: BID, id: 71171

Trust: 1.4

db: SECUNIA, id: 62565

Trust: 1.1

db: JVNDB, id: JVNDB-2014-005538

Trust: 0.8

db: CNNVD, id: CNNVD-201411-320

Trust: 0.7

db: VULHUB, id: VHN-75941

Trust: 0.1

sources: VULHUB: VHN-75941 // BID: 71171 // JVNDB: JVNDB-2014-005538 // CNNVD: CNNVD-201411-320 // NVD: CVE-2014-7996

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-7996

Trust: 1.7

url:http://www.securityfocus.com/bid/71171

Trust: 1.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36456

Trust: 1.1

url:http://secunia.com/advisories/62565

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98769

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7996

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7996

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-75941 // BID: 71171 // JVNDB: JVNDB-2014-005538 // CNNVD: CNNVD-201411-320 // NVD: CVE-2014-7996

CREDITS

Cisco

Trust: 0.3

sources: BID: 71171

SOURCES

db: VULHUB, id: VHN-75941
db: BID, id: 71171
db: JVNDB, id: JVNDB-2014-005538
db: CNNVD, id: CNNVD-201411-320
db: NVD, id: CVE-2014-7996

LAST UPDATE DATE

2024-11-23T23:02:42.885000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-75941, date: 2017-09-08T00:00:00
db: BID, id: 71171, date: 2014-11-18T00:00:00
db: JVNDB, id: JVNDB-2014-005538, date: 2014-11-20T00:00:00
db: CNNVD, id: CNNVD-201411-320, date: 2014-11-19T00:00:00
db: NVD, id: CVE-2014-7996, date: 2024-11-21T02:18:23.947

SOURCES RELEASE DATE

db: VULHUB, id: VHN-75941, date: 2014-11-18T00:00:00
db: BID, id: 71171, date: 2014-11-18T00:00:00
db: JVNDB, id: JVNDB-2014-005538, date: 2014-11-20T00:00:00
db: CNNVD, id: CNNVD-201411-320, date: 2014-11-19T00:00:00
db: NVD, id: CVE-2014-7996, date: 2014-11-18T23:59:04.567