Remote Code Injection and XSS Vulnerabilities in Cisco Data Center Network Manager Software
CVE-2017-12346

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Data Center Network Manager Software
Vendor
CVE Published:
30 November 2017

Summary

Cisco Data Center Network Manager Software features multiple security vulnerabilities that could allow remote attackers to exploit the system. Attackers may inject arbitrary values into the configuration parameters of the software, redirect users to malicious websites, or insert harmful content into the client interface. Furthermore, these vulnerabilities enable cross-site scripting (XSS) attacks, presenting serious risks to any users of the affected software.

Affected Version(s)

Cisco Data Center Network Manager Software Cisco Data Center Network Manager Software

References

http://www.securityfocus.com/bid/101996
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.