Vulnerability Details : CVE-2015-0651
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2015-0651
- cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0651
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0651
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-0651
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0651
-
http://www.securitytracker.com/id/1031815
Cisco Application Control Engine 4710 Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker
-
http://www.securityfocus.com/bid/72796
Cisco Application Networking Manager CVE-2015-0651 Cross Site Request Forgery Vulnerability
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651
Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery VulnerabilityVendor Advisory
Jump to