#VU9473 Spoofing attack in Cisco Data Center Network Manager - CVE-2017-12345

 


Published: November 30, 2017


Vulnerability identifier: #VU9473
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12345
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Data Center Network Manager
Software vendor:
Cisco Systems, Inc

Description

The disclosed vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied values in HTTP parameters. A remote attacker can trick the victim into clicking a malicious link, inject malicious HTTP parameter values into HTTP messages, and inject malicious content into the content that is displayed by the web interface.


Remediation

The vulnerability is addressed in the following versions: 10.4(1.41)S0, 10.4(1)S11.




