CVE-2017-12251
published 2017-10-19

Priority P264 | critical | 9.9 | CVSS 3.0
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.16% (79.9th percentile)

A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability. This vulnerability affects Cisco Cloud Services Platform (CSP) 2100 running software release 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2. Cisco Bug IDs: CSCve64690.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100 | |
cisco | cloud_services_platform_2100_unauthorized_access | |

Detection & IOCs (extracted from sources)

  • Exploitation involves browsing to hosted VM URLs on the Cisco CSP 2100 web console and observing specific URL patterns that control authentication mechanisms. Monitor for authenticated users accessing unusual VM URLs, or showing authentication token/pattern enumeration behavior.
  • Scope detection to Cisco CSP 2100 devices running software releases 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2; these are the confirmed vulnerable versions.
  • The vulnerability requires the attacker to already be authenticated; this is not a pre-auth exploit. Detection should focus on authenticated sessions exhibiting abnormal VM URL access patterns.
  • No workarounds exist for this vulnerability; patching to a fixed software release is the only mitigation.
  • Cisco Bug ID CSCve64690 can be used to track patch status and vendor communications for this specific vulnerability.

CVSS provenance

nvd | v3.0 | 9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_cisco | 9.9 | CRITICAL