CVE-2014-7996

Published: Nov 18, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.

Affected (1)

Products: Cisco: Unified Computing System

Cisco

1 product

Unified Computing System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Computing System	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://secunia.com/advisories/62565

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=36456

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71171

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/98769

Source: psirt@cisco.com

http://secunia.com/advisories/62565