Vendor: Network Management Card
By: SecurityFocus
CVSS: 7.5 HIGH
Cross-Site Request-Forgery and Cross-Site Scripting
CWE: 352, 79
Product Name: Network Management Card
Affected Version From: Network Management Card Firmware 3.7.2
Affected Version To: Network Management Card Firmware 5.1.1
Patch Exists: YES
Related CWE: N/A
CPE: h:apc:network_management_card
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
APC Network Management Card Multiple Cross-Site Request-Forgery and Cross-Site Scripting Vulnerabilities
An attacker can exploit the cross-site request forgery issues to alter the settings on affected devices, which may lead to further network-based attacks. The attacker can exploit the cross-site scripting issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.
Mitigation:
Ensure that all system components and software are kept up-to-date with the latest vendor-supplied patches. Restrict access to the affected device to trusted/authorized systems only. Disable unnecessary services and protocols on the affected device.