cnvd - cnvd-2015-01409

CNVD-2015-01409

Vulnerability from cnvd - Published: 2015-03-04

Title

Cisco Application Networking Manager跨站请求伪造漏洞

Description

Cisco Application Networking Manager是美国思科（Cisco）公司一套网络应用管理工具。 Cisco Application Networking Manager存在跨站请求伪造漏洞。远程攻击者可利用此漏洞以用户权限向受影响设备提交任意请求。

Severity

中

Patch Name

Cisco Application Networking Manager跨站请求伪造漏洞的补丁

Patch Description

Cisco Application Networking Manager是美国思科（Cisco）公司一套网络应用管理工具。 Cisco Application Networking Manager存在跨站请求伪造漏洞。远程攻击者可利用此漏洞以用户权限向受影响设备提交任意请求。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可以联系供应商获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651

Reference

http://www.securityfocus.com/bid/72796 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0651

Impacted products

Name
Cisco Application Networking Manager (ANM) null

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72796"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0651"
    }
  },
  "description": "Cisco Application Networking Manager\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e00\u5957\u7f51\u7edc\u5e94\u7528\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nCisco Application Networking Manager\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u63d0\u4ea4\u4efb\u610f\u8bf7\u6c42\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u4ee5\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01409",
  "openTime": "2015-03-04",
  "patchDescription": "Cisco Application Networking Manager\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e00\u5957\u7f51\u7edc\u5e94\u7528\u7ba1\u7406\u5de5\u5177\u3002\r\n\r\nCisco Application Networking Manager\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u63d0\u4ea4\u4efb\u610f\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Application Networking Manager\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Application Networking Manager (ANM) null"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72796\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0651",
  "serverity": "\u4e2d",
  "submitTime": "2015-02-28",
  "title": "Cisco Application Networking Manager\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2015-0651 (GCVE-0-2015-0651)

Vulnerability from cvelistv5 – Published: 2015-02-27 02:00 – Updated: 2024-08-06 04:17

Summary

Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1031815	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/72796	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651"
          },
          {
            "name": "1031815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031815"
          },
          {
            "name": "72796",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72796"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-05T15:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651"
        },
        {
          "name": "1031815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031815"
        },
        {
          "name": "72796",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72796"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150226 Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651"
            },
            {
              "name": "1031815",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031815"
            },
            {
              "name": "72796",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72796"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0651",
    "datePublished": "2015-02-27T02:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01409

CVE-2015-0651 (GCVE-0-2015-0651)

Tags

Sightings

Nomenclature