Main Vulnerability Database SB2017101907

SB2017101907 - Security restrictions bypass in Cisco Cloud Services Platform 2100

Published: October 19, 2017

Security Bulletin ID SB2017101907

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2017-12251)

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in the web console of the Cisco Cloud Services Platform (CSP) 2100 due to weaknesses in the generation of certain authentication mechanisms in the URL. A remote attacker can browse to one of the hosted VMs' URLs in Cisco CSP and view specific patterns that control the web application's mechanisms for authentication control.

Successful exploitation of the vulnerability results in full control over the affected system.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs