Vulnslist

Cisco product, release, and evidence lookup

Multiple Vulnerabilities in Cisco UCS Central Software

cisco-sa-20171129-ucs-central · Medium · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. For more information about these vulnerabilities, see the “Details” section of this security advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2017-12348, CVE-2017-12349
Cisco Bug IDsCSCvf71978 , CSCvf71986
CVSS ScoreBase 5.4
Base 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

Public Affected Products

Product CVE Evidence
Cisco Unified Computing System Central Software CVE-2017-12349 Cisco CSAF · structured affected
Cisco Unified Computing System Central Software CVE-2017-12348 Cisco CSAF · structured affected