SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Cloud Services Platform Vendors:   Cisco
Cisco Cloud Services Platform 2100 Web Console Flaw Lets Remote Authenticated Users Access the Target System
SecurityTracker Alert ID:  1039613
SecurityTracker URL:  http://securitytracker.com/id/1039613
CVE Reference:   CVE-2017-12251   (Links to External Site)
Date:  Oct 18 2017
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): CSP 2100; releases 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2
Description:   A vulnerability was reported in Cisco Cloud Services Platform 2100. A remote authenticated user can gain access to the target system.

A remote authenticated user can load a specially crafted URL to exploit an authentication flaw in the web console to gain access to the target services or virtual machines on the target device.

The vendor has assigned bug ID CSCve64690 to this vulnerability.

Chris Day, Senior Security Consultant, MWR InfoSecurity reported this vulnerability.

Impact:   A remote authenticated user can gain access to the target services or virtual machines on the target device.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC