ID

VAR-201711-0341


CVE

CVE-2017-12346


TITLE

Cisco Data Center Network Manager Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219

DESCRIPTION

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be obtained and information may be altered. Successful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.98

sources: NVD: CVE-2017-12346 // JVNDB: JVNDB-2017-010418 // BID: 101996 // VULHUB: VHN-102859

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:eqversion:10.2\(1\)

Trust: 1.6

vendor:ciscomodel:mds series multilayer directors 10.4 s0scope:neversion:9500

Trust: 1.2

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:mds series multilayer directors 10.3 rscope:neversion:9500

Trust: 0.6

vendor:ciscomodel:mds series multilayer directors 10.3 s3scope:eqversion:9500

Trust: 0.3

vendor:ciscomodel:mds series multilayer directorsscope:eqversion:950010.2(1)

Trust: 0.3

vendor:ciscomodel:data center network managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:mds series multilayer directors 11.0 s0scope:neversion:9500

Trust: 0.3

vendor:ciscomodel:mds series multilayer directors 10.4 s9scope:neversion:9500

Trust: 0.3

vendor:ciscomodel:mds series multilayer directors 10.4 s19scope:neversion:9500

Trust: 0.3

vendor:ciscomodel:mds series multilayer directors 10.4 s11scope:neversion:9500

Trust: 0.3

sources: BID: 101996 // JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219 // NVD: CVE-2017-12346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12346
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12346
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102859
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12346
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102859
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12346
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102859 // JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219 // NVD: CVE-2017-12346

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-102859 // JVNDB: JVNDB-2017-010418 // NVD: CVE-2017-12346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1219

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201711-1219

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010418

PATCH

title:cisco-sa-20171129-dcnmurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm

Trust: 0.8

title:Cisco Data Center Network Manager Software Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76837

Trust: 0.6

sources: JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219

EXTERNAL IDS

db:NVDid:CVE-2017-12346

Trust: 2.8

db:BIDid:101996

Trust: 2.0

db:JVNDBid:JVNDB-2017-010418

Trust: 0.8

db:CNNVDid:CNNVD-201711-1219

Trust: 0.7

db:VULHUBid:VHN-102859

Trust: 0.1

sources: VULHUB: VHN-102859 // BID: 101996 // JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219 // NVD: CVE-2017-12346

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm

Trust: 2.0

url:http://www.securityfocus.com/bid/101996

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12346

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12346

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102859 // BID: 101996 // JVNDB: JVNDB-2017-010418 // CNNVD: CNNVD-201711-1219 // NVD: CVE-2017-12346

CREDITS

Indrajith.A.N

Trust: 0.3

sources: BID: 101996

SOURCES

db:VULHUBid:VHN-102859
db:BIDid:101996
db:JVNDBid:JVNDB-2017-010418
db:CNNVDid:CNNVD-201711-1219
db:NVDid:CVE-2017-12346

LAST UPDATE DATE

2024-11-23T22:22:22.055000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-102859date:2019-10-09T00:00:00
db:BIDid:101996date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010418date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1219date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12346date:2024-11-21T03:09:21.120

SOURCES RELEASE DATE

db:VULHUBid:VHN-102859date:2017-11-30T00:00:00
db:BIDid:101996date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010418date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1219date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12346date:2017-11-30T09:29:00.853