Cross-Site Request Forgery Vulnerability in Cisco Application Networking Manager and Device Manager
CVE-2015-0651

Currently unrated

Key Information:

Vendor: Cisco
Status: Application Networking Manager
Vendor: CVE Published:; 27 February 2015

Summary

A cross-site request forgery vulnerability exists in the web GUI of Cisco Application Networking Manager and Device Manager on Cisco 4710 Application Control Engine appliances. This security issue allows remote attackers to perform unwanted actions on behalf of authenticated users, potentially leading to unauthorized access and manipulation of user sessions. The flaw is detailed under Bug ID CSCuo99753, with the potential to compromise user authentication and integrity.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1031815

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/72796

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 27, 2015
Vulnerability Reserved
Jan 7, 2015