N/A

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

跨站请求伪造(CSRF)

Cisco Nexus Dashboard 安全漏洞

Cisco Nexus Dashboard是美国思科（Cisco）公司的一个单一控制台。能够简化数据中心网络的运营和管理。 Cisco Nexus Dashboard 存在安全漏洞，该漏洞源于基于 Web 的管理界面中存在漏洞，可能允许未经身份验证的远程攻击者对受影响的系统进行跨站请求伪造 (CSRF) 攻击。

N/A

N/A