Cross-Site Scripting Vulnerability in Cisco UCS Director
CVE-2017-3868

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Ucs Director
Vendor
CVE Published:
17 March 2017

Summary

A vulnerability exists in the web-based management interface of Cisco UCS Director that allows unauthenticated remote attackers to perform cross-site scripting (XSS) attacks. This can lead to the execution of malicious scripts in the context of the user's session, potentially compromising user security. The affected version includes UCS Director 6.0(0.0). For more information, refer to the security advisory from Cisco.

Affected Version(s)

Cisco UCS Director Cisco UCS Director

References

http://www.securityfocus.com/bid/96921
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038039
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.