Boletines de Vulnerabilidades

Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20and%20Cisco%20Cloud%20Network%20Controller%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1

Identificadores estándar
Propiedad Valor
CVE CVE-2023-20011.

Histórico de versiones
Versión Comentario Data
1.0 Advisory issued 2023-02-23
Ministerio de Defensa
CNI
CCN
CCN-CERT