Cross-Site Request Forgery in Cisco UCS Director and IMC Supervisor Software
CVE-2018-0148
Key Information:
- Vendor: Cisco
- CVE Published: 22 February 2018
What is CVE-2018-0148?
A vulnerability exists in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software. This flaw could allow an unauthenticated remote attacker to execute a cross-site request forgery (CSRF) attack, enabling them to perform arbitrary actions on the affected system. The vulnerability arises from a lack of adequate CSRF protection in the web interface. An attacker could exploit this vulnerability by deceiving a user into clicking a malicious link, which could allow the attacker to take actions on the system using the user's privileges, potentially compromising the security and integrity of the affected systems.
Affected Version(s)
Cisco UCS Director and Cisco Integrated Management Controller Supervisor