Details of VAR-201711-0340

ID

VAR-201711-0340

CVE

CVE-2017-12345

TITLE

Cisco Data Center Network Manager Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010417

DESCRIPTION

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Cisco Data Center Network Manager (DCNM) The software contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be tampered with. Successful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 2.07

sources: NVD: CVE-2017-12345 // JVNDB: JVNDB-2017-010417 // BID: 101996 // VULHUB: VHN-102858 // VULMON: CVE-2017-12345

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	eq	version:	10.2\(1\)	Trust: 1.6
vendor:	cisco	model:	mds series multilayer directors 10.4 s0	scope:	ne	version:	9500	Trust: 1.2
vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	mds series multilayer directors 10.3 r	scope:	ne	version:	9500	Trust: 0.6
vendor:	cisco	model:	mds series multilayer directors 10.3 s3	scope:	eq	version:	9500	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors	scope:	eq	version:	950010.2(1)	Trust: 0.3
vendor:	cisco	model:	data center network manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors 11.0 s0	scope:	ne	version:	9500	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors 10.4 s9	scope:	ne	version:	9500	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors 10.4 s19	scope:	ne	version:	9500	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors 10.4 s11	scope:	ne	version:	9500	Trust: 0.3

sources: BID: 101996 // JVNDB: JVNDB-2017-010417 // CNNVD: CNNVD-201711-1220 // NVD: CVE-2017-12345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12345
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12345
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-1220
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102858
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-12345
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12345
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-102858
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12345
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102858 // VULMON: CVE-2017-12345 // JVNDB: JVNDB-2017-010417 // CNNVD: CNNVD-201711-1220 // NVD: CVE-2017-12345

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-102858 // JVNDB: JVNDB-2017-010417 // NVD: CVE-2017-12345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1220

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-1220

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010417

PATCH

title:	cisco-sa-20171129-dcnm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm	Trust: 0.8
title:	Cisco Data Center Network Manager Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76838	Trust: 0.6
title:	Cisco: Multiple Vulnerabilities in Cisco Data Center Network Manager Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20171129-dcnm	Trust: 0.1
title:	vulnerabilities	url:	https://github.com/olucomedy/vulnerabilities	Trust: 0.1
title:	TwistLock	url:	https://github.com/dwarakanathprao/TwistLock	Trust: 0.1
title:	chromium-vulnerabilities	url:	https://github.com/VulnerabilityHistoryProject/chromium-vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-12345 // JVNDB: JVNDB-2017-010417 // CNNVD: CNNVD-201711-1220

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12345	Trust: 2.9
db:	BID	id:	101996	Trust: 2.1
db:	JVNDB	id:	JVNDB-2017-010417	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1220	Trust: 0.7
db:	VULHUB	id:	VHN-102858	Trust: 0.1
db:	VULMON	id:	CVE-2017-12345	Trust: 0.1

sources: VULHUB: VHN-102858 // VULMON: CVE-2017-12345 // BID: 101996 // JVNDB: JVNDB-2017-010417 // CNNVD: CNNVD-201711-1220 // NVD: CVE-2017-12345

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm	Trust: 2.2
url:	http://www.securityfocus.com/bid/101996	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12345	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12345	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/olucomedy/vulnerabilities	Trust: 0.1
url:	https://github.com/vulnerabilityhistoryproject/chromium-vulnerabilities	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-102858 // VULMON: CVE-2017-12345 // BID: 101996 // JVNDB: JVNDB-2017-010417 // CNNVD: CNNVD-201711-1220 // NVD: CVE-2017-12345

CREDITS

Indrajith.A.N

Trust: 0.3

sources: BID: 101996

SOURCES

db:	VULHUB	id:	VHN-102858
db:	VULMON	id:	CVE-2017-12345
db:	BID	id:	101996
db:	JVNDB	id:	JVNDB-2017-010417
db:	CNNVD	id:	CNNVD-201711-1220
db:	NVD	id:	CVE-2017-12345

LAST UPDATE DATE

2024-11-23T22:22:22.138000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102858	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-12345	date:	2019-10-09T00:00:00
db:	BID	id:	101996	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010417	date:	2017-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201711-1220	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12345	date:	2024-11-21T03:09:20.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102858	date:	2017-11-30T00:00:00
db:	VULMON	id:	CVE-2017-12345	date:	2017-11-30T00:00:00
db:	BID	id:	101996	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010417	date:	2017-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201711-1220	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12345	date:	2017-11-30T09:29:00.823