Authentication Vulnerability in Cisco Cloud Services Platform 2100
CVE-2017-12251

9.9 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 19 October 2017

Summary

A vulnerability in the web console of Cisco Cloud Services Platform (CSP) 2100 allows authenticated remote attackers to maliciously interact with services or virtual machines (VMs) hosted on the device. This vulnerability arises from flaws in the generation of specific authentication mechanisms within the web console's URL, enabling attackers to exploit these weaknesses to gain unauthorized access to VMs. By accessing certain hosted VM URLs, an attacker can compromise the confidentiality, integrity, and availability of the affected system, posing significant risks to users and operational continuity.

Affected Version(s)

Cisco Cloud Services Platform 2100

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
