CVE-2015-0651
Summary
| CVE | CVE-2015-0651 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-02-27 02:59:00 UTC |
| Updated | 2015-11-02 18:29:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Application Networking Manager | - | All | All | All |
| Application | Cisco | Application Networking Manager | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Application Control Engine 4710 Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Cisco Application Networking Manager CVE-2015-0651 Cross Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.