Lucene search

[email protected]CVE-2014-7996

HistoryNov 18, 2014 - 11:59 p.m.

CVE-2014-7996

2014-11-1823:59:04

CWE-352

[email protected]

web.nvd.nist.gov

cisco

cve-2014-7996

csrf

vulnerability

web framework

cisco integrated management controller

unified computing system

bug id cscuq45477

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

Affected configurations

NVD

Node

ciscounified_computing_systemMatch-

CPENameOperatorVersion
cisco:unified_computing_systemcisco unified computing systemeq-

CPE	Name	Operator	Version
cisco:unified_computing_system	cisco unified computing system	eq	-

References

secunia.com/advisories/62565

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996

tools.cisco.com/security/center/viewAlert.x?alertId=36456

www.securityfocus.com/bid/71171

exchange.xforce.ibmcloud.com/vulnerabilities/98769

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

58.4%

JSON

Related for CVE-2014-7996

nessus1 cisco1 cvelist1 nvd1 prion1