American Power Conversion Corp. Information for VU#166739

APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery

Status

Affected

Vendor Statement

Please see Cross Site Scripting & Forgery Issue (XSS/CSRF) in NMC-Based Products.

Vendor Information

Update NMC firmware as specified by APC. Release notes indicate that these vulnerabilities are addressed in firmware version 3.7.2 for certain NMCs. APC has indicated that the vulnerabilities are also addressed in firmware version 5.1.1.

Vendor References

http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887&p_created=1261587018&p_topview=1
http://www.apcmedia.com/salestools/PMAR-82BMH5_R0_EN.zip

Addendum

There are no additional comments at this time.
