Authentication Vulnerability in Cisco Cloud Services Platform 2100
CVE-2017-12251

9.9CRITICAL

Key Information:

Vendor

Cisco
Status
Cisco Cloud Services Platform 2100
Vendor
CVE Published:
19 October 2017

What is CVE-2017-12251?

A vulnerability in the web console of Cisco Cloud Services Platform (CSP) 2100 allows authenticated remote attackers to maliciously interact with services or virtual machines (VMs) hosted on the device. This vulnerability arises from flaws in the generation of specific authentication mechanisms within the web console's URL, enabling attackers to exploit these weaknesses to gain unauthorized access to VMs. By accessing certain hosted VM URLs, an attacker can compromise the confidentiality, integrity, and availability of the affected system, posing significant risks to users and operational continuity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Cloud Services Platform 2100 Cisco Cloud Services Platform 2100

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101487
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039613
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.