cnvd-2018-05308
Vulnerability from cnvd
Title
Cisco UCS Director Software和Cisco Integrated Management Controller Supervisor Software跨站请求伪造漏洞
Description
Cisco UCS Director Software和Cisco Integrated Management Controller(IMC)Supervisor Software都是美国思科(Cisco)公司的产品。Cisco UCS Director Software是一套融合基础设施管理解决方案。Cisco Integrated Management Controller(IMC)Supervisor Software是一套用于对UCS(统一计算系统)进行管理的工具。 Cisco UCS Director Software和Cisco IMC Supervisor Software中的基于Web的管理界面存在跨站请求伪造漏洞,远程攻击者可通过诱使用户点击恶意链接利用该漏洞执行任意操作。
Severity
Patch Name
Cisco UCS Director Software和Cisco Integrated Management Controller Supervisor Software跨站请求伪造漏洞的补丁
Patch Description
Cisco UCS Director Software和Cisco Integrated Management Controller(IMC)Supervisor Software都是美国思科(Cisco)公司的产品。Cisco UCS Director Software是一套融合基础设施管理解决方案。Cisco Integrated Management Controller(IMC)Supervisor Software是一套用于对UCS(统一计算系统)进行管理的工具。 Cisco UCS Director Software和Cisco IMC Supervisor Software中的基于Web的管理界面存在跨站请求伪造漏洞,远程攻击者可通过诱使用户点击恶意链接利用该漏洞执行任意操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf71929

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucsd https://www.securityfocus.com/bid/103141
Impacted products
Name
['Cisco UCS Director Software 0', 'Cisco Integrated Management Controller (IMC) Supervisor Software 0']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "103141"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0148"
    }
  },
  "description": "Cisco UCS Director Software\u548cCisco Integrated Management Controller\uff08IMC\uff09Supervisor Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco UCS Director Software\u662f\u4e00\u5957\u878d\u5408\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Cisco Integrated Management Controller\uff08IMC\uff09Supervisor Software\u662f\u4e00\u5957\u7528\u4e8e\u5bf9UCS\uff08\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\uff09\u8fdb\u884c\u7ba1\u7406\u7684\u5de5\u5177\u3002\r\n\r\nCisco UCS Director Software\u548cCisco IMC Supervisor Software\u4e2d\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf71929",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05308",
  "openTime": "2018-03-15",
  "patchDescription": "Cisco UCS Director Software\u548cCisco Integrated Management Controller\uff08IMC\uff09Supervisor Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco UCS Director Software\u662f\u4e00\u5957\u878d\u5408\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Cisco Integrated Management Controller\uff08IMC\uff09Supervisor Software\u662f\u4e00\u5957\u7528\u4e8e\u5bf9UCS\uff08\u7edf\u4e00\u8ba1\u7b97\u7cfb\u7edf\uff09\u8fdb\u884c\u7ba1\u7406\u7684\u5de5\u5177\u3002\r\n\r\nCisco UCS Director Software\u548cCisco IMC Supervisor Software\u4e2d\u7684\u57fa\u4e8eWeb\u7684\u7ba1\u7406\u754c\u9762\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco UCS Director Software\u548cCisco Integrated Management Controller Supervisor Software\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco UCS Director Software 0",
      "Cisco Integrated Management Controller (IMC) Supervisor Software 0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucsd\r\nhttps://www.securityfocus.com/bid/103141",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-26",
  "title": "Cisco UCS Director Software\u548cCisco Integrated Management Controller Supervisor Software\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.