CVE-2014-7996: CSRF
First published: Tue Nov 18 2014(Updated: )
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Computing System software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7996?
CVE-2014-7996 has a medium severity rating due to its ability to facilitate cross-site request forgery attacks.
How do I fix CVE-2014-7996?
To fix CVE-2014-7996, apply the latest security updates provided by Cisco for the Unified Computing System.
What are the potential impacts of CVE-2014-7996?
The potential impacts of CVE-2014-7996 include unauthorized access to user accounts and potential data loss or exposure.
Who is affected by CVE-2014-7996?
CVE-2014-7996 affects users of the Cisco Unified Computing System that are using vulnerable versions of the web framework.
Is CVE-2014-7996 a common vulnerability?
CVE-2014-7996 is categorized as a cross-site request forgery vulnerability, which is a well-known type of security issue.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified computing system software