Cross-Site Scripting and Session Hijacking Vulnerabilities in Cisco UCS Central Software
CVE-2017-12348

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Ucs Central Software
Vendor
CVE Published:
30 November 2017

Summary

Multiple vulnerabilities have been identified in the web-based management interface of Cisco UCS Central Software. These vulnerabilities enable remote attackers to exploit the affected interface by conducting cross-site scripting (XSS) attacks, potentially leading to unauthorized access to sensitive user data. Additionally, attackers may hijack a valid session ID, granting them control over an active user session. It is crucial for users of the system to assess their exposure and implement necessary security measures.

Affected Version(s)

Cisco UCS Central Software Cisco UCS Central Software

References

http://www.securityfocus.com/bid/102018
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039924
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.