Lucene search

[email protected]NVD:CVE-2009-1797

HistoryDec 28, 2009 - 7:30 p.m.

CVE-2009-1797

2009-12-2819:30:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact.

Affected configurations

Nvd

Node

apcnetwork_management_card

AND

apcswitched_rack_pdu

VendorProductVersionCPE
apcnetwork_management_card*cpe:2.3:h:apc:network_management_card:*:*:*:*:*:*:*:*
apcswitched_rack_pdu*cpe:2.3:h:apc:switched_rack_pdu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apc	network_management_card	*	cpe:2.3:h:apc:network_management_card::::::::
apc	switched_rack_pdu	*	cpe:2.3:h:apc:switched_rack_pdu::::::::

References

holisticinfosec.org/content/view/111/45/

nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887

secunia.com/advisories/37744

www.kb.cert.org/vuls/id/166739

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

Related for NVD:CVE-2009-1797

cvelist1 cve1 prion1 cert1