PT-2015-4780 · Cisco · Cisco 4710 Application Control Engine+2
Published
2015-02-27
·
Updated
2015-11-02
·
CVE-2015-0651
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco Application Networking Manager (ANM) (affected versions not specified)
Cisco Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances (affected versions not specified)
Description
A cross-site request forgery (CSRF) issue in the web GUI of the affected products allows remote attackers to hijack the authentication of arbitrary users.
Recommendations
For Cisco Application Networking Manager (ANM), update to a version that includes the fix for Bug ID CSCuo99753.
For Cisco Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, update to a version that includes the fix for Bug ID CSCuo99753.
As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco 4710 Application Control Engine
Cisco Application Networking Manager
Cisco Device Manager