Cross-Site Scripting Vulnerability in Cisco UCS Central Software
CVE-2017-12349

5.4MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Ucs Central Software
Vendor
CVE Published:
30 November 2017

What is CVE-2017-12349?

The web-based management interface of Cisco UCS Central Software has multiple security vulnerabilities that may allow an attacker to execute a cross-site scripting (XSS) attack. This flaw can enable unauthorized individuals to manipulate user interactions, potentially leading to session hijacking of legitimate users when they access the affected interface. Proper security measures should be implemented to mitigate these risks and protect sensitive information.

Affected Version(s)

Cisco UCS Central Software Cisco UCS Central Software

References

http://www.securityfocus.com/bid/102018
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039924
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.