Lucene search

MitreCVE-2009-1797

HistoryDec 28, 2009 - 7:30 p.m.

CVE-2009-1797

2009-12-2819:30:00

CWE-352

mitre

web.nvd.nist.gov

cve-2009-1797

csrf

apc

switched rack pdu

nmc

network management card

security vulnerability

hijacking authentication

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.

Affected configurations

Nvd

Node

apcnetwork_management_card

AND

apcswitched_rack_pdu

VendorProductVersionCPE
apcnetwork_management_card*cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*
apcswitched_rack_pdu*cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apc	network_management_card	*	cpe:2.3:h:apc:network_management_card::::::::
apc	switched_rack_pdu	*	cpe:2.3:h:apc:switched_rack_pdu::::::::

References

holisticinfosec.org/content/view/111/45/

nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887

secunia.com/advisories/37744

www.kb.cert.org/vuls/id/166739

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Related for CVE-2009-1797