CVE-2018-0148
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.
Una vulnerabilidad en la interfaz de gestión web de Cisco UCS Director Software y Cisco Integrated Management Controller (IMC) Supervisor Software podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Request Forgery (CSRF) y realice acciones arbitrarias en un sistema afectado. La vulnerabilidad se debe a la protección CSRF insuficiente por parte de la interfaz de gestión web del software afectado. Un atacante podría explotar esta vulnerabilidad haciendo que un usuario de la aplicación afectada haga clic en un enlace malicioso. Si se explota esta vulnerabilidad con éxito, un atacante podría realizar acciones arbitrarias mediante el navegador web del usuario con sus privilegios en un sistema afectado. Cisco Bug IDs: CSCvf71929.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-02-22 CVE Published
- 2023-07-15 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103141 | Third Party Advisory | |
http://www.securitytracker.com/id/1040412 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucsd | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ucs Director Search vendor "Cisco" for product "Ucs Director" | 6.5\(0.0.65832\) Search vendor "Cisco" for product "Ucs Director" and version "6.5\(0.0.65832\)" | - |
Affected
|