
Vigil@nce: APC NMC, vulnerabilities of the web interface

January 2010 by Vigil@nce

An attacker can trigger Cross Site Scripting and Cross Site
Request Forgery attacks against APC Network Management Card products.

 Severity: 2/4
 Consequences: privileged access/rights, client access/rights
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 29/12/2009

IMPACTED PRODUCTS

 APC PowerChute Network Shutdown

DESCRIPTION OF THE VULNERABILITY

The APC PowerChute Network Shutdown software uses the APC UPS Network
Management Card (NMC) to manage system shutdown.

APC NMC cards have a web administration server.

However, this web server is protected against neither Cross Site
Scripting nor Cross Site Request Forgery attacks.

An attacker can therefore invite the victim to view a malicious web
page, in order to execute administrative commands on the APC NMC.

CHARACTERISTICS

 Identifiers: 10887, BID-37338, CVE-2009-1797, CVE-2009-1798,
CVE-2009-4406, VIGILANCE-VUL-9311
 Url: http://vigilance.fr/vulnerability/APC-NMC-vulnerabilities-of-the-web-interface-9311

