Cisco UCS Central Software Cross Site Scripting and Session Fixation Vulnerabilities

Cisco UCS Central Software is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.

An attacker may leverage these issues to hijack an arbitrary session and gain unauthorized access to the affected application or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

These issues are being tracked by Cisco Bug ID CSCvf71978 and CSCvf71986.


Bugtraq ID: 102018
Class: Input Validation Error
CVE: CVE-2017-12348

Remote: Yes
Local: No
Published: Nov 29 2017 12:00AM
Updated: Dec 01 2017 03:10PM
Credit: Indrajith.A.N
Vulnerable: Cisco UCS Central Software 2.2(1a)A

Not Vulnerable:


Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

Related Posts