CVE-2018-0148

Name of the Vulnerable Software and Affected Versions: Cisco UCS Director Software (affected versions not specified) Cisco Integrated Management Controller (IMC) Supervisor Software (affected versions not specified)

Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The issue is due to insufficient CSRF protection by the web-based management interface. An attacker could exploit this by persuading a user to click a malicious link, allowing the attacker to perform actions via the user's web browser and with the user's privileges.

Recommendations: For Cisco UCS Director Software, update to a version that includes the fix for Cisco Bug ID: CSCvf71929. For Cisco Integrated Management Controller (IMC) Supervisor Software, update to a version that includes the fix for Cisco Bug ID: CSCvf71929.