CVE-2017-12349
Published 2017-11-30
CVE-2017-12349: Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting…
Priority: P4 · 25 · medium · 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.89% (54.9th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ucs_central | — | — |
| cisco | unified_computing_system_central_software | — | — |
CVSS provenance
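| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_cisco | | 5.4 | MEDIUM | |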
GHSA
ghsa_unreviewed·2022-05-13
CVE-2017-12349 [MEDIUM] CWE-79 GHSA-cvvh-736r-7rrr: Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scr
Cisco
Multiple Vulnerabilities in Cisco UCS Central Software
vendor_cisco·2017-11-30·CVSS 5.4
CVE-2017-12348 [MEDIUM] CWE-384 Multiple Vulnerabilities in Cisco UCS Central Software
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.
For more information about these vulnerabilities, see the “Details” section of this security advisory.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
Cisco
Multiple Vulnerabilities in Cisco UCS Central Software
vendor_cisco·CVSS 3.0
CVE-2017-12349 Multiple Vulnerabilities in Cisco UCS Central Software
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. For more information about these vulnerabilities, see the “
CVSS: 3.0
CWE: CWE-384, CWE-79
Bug IDs: CSCvf71978, CSCvf71986
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102018
http://www.securitytracker.com/id/1039924
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
Published: 2017-11-30