Cisco Bug: CSCuq45477 - CSRF: CIMC LOM web UI is vulnerable to POST CSRF exploits

Last Modified

Apr 23, 2018

Products (1)

  • Cisco Unified Computing System

Known Affected Releases

1.5(4)

Description (partial)

Symptom:
Network scanners may flag Cisco Integrated Management Controller as affected by CSRF vulnerabilities.

A vulnerability in the web framework code of Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack.

Conditions:
Default configuration.

The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of the affected system to follow a malicious link or visit an attacker-controlled website.