Lucene search

MitreCVE-2009-1798

HistoryDec 28, 2009 - 7:30 p.m.

CVE-2009-1798

2009-12-2819:30:00

CWE-79

mitre

web.nvd.nist.gov

cve

2009

1798

xss

vulnerabilities

apc

switched rack pdu

nmc

network management card

web script

html

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.

Affected configurations

Nvd

Node

apcnetwork_management_card

AND

apcswitched_rack_pdu

VendorProductVersionCPE
apcnetwork_management_card*cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*
apcswitched_rack_pdu*cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apc	network_management_card	*	cpe:2.3:h:apc:network_management_card::::::::
apc	switched_rack_pdu	*	cpe:2.3:h:apc:switched_rack_pdu::::::::

References

holisticinfosec.org/content/view/111/45/

nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887

secunia.com/advisories/37744

www.kb.cert.org/vuls/id/166739

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for CVE-2009-1798