What is CVE-2017-12348?

CVE-2017-12348 is a vulnerability in the web-based management interface of Cisco UCS Central Software that allows a remote attacker to conduct a cross-site scripting (XSS) attack or hijack a valid session ID.

How severe is CVE-2017-12348?

CVE-2017-12348 has a severity rating of 5.4, which is considered medium.

What is the affected software for CVE-2017-12348?

The affected software for CVE-2017-12348 is Cisco Unified Computing System Central Software version 2.2(1a)a.

How can an attacker exploit CVE-2017-12348?

An attacker can exploit CVE-2017-12348 by conducting a cross-site scripting (XSS) attack or hijacking a valid session ID from a user of the affected interface.

Are there any patches or fixes available for CVE-2017-12348?

Yes, Cisco has released a security advisory with patches and fixes for CVE-2017-12348. It is recommended to update to the latest version of Cisco UCS Central Software.

Vulnerability/
CVE-2017-12348

medium

5.4

CWE

30/11/2017

5/8/2024

CVE-2017-12348: XSS

First published: Thu Nov 30 2017(Updated: )

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Central Software	=2.2\(1a\)a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-12348?
CVE-2017-12348 is a vulnerability in the web-based management interface of Cisco UCS Central Software that allows a remote attacker to conduct a cross-site scripting (XSS) attack or hijack a valid session ID.
How severe is CVE-2017-12348?
CVE-2017-12348 has a severity rating of 5.4, which is considered medium.
What is the affected software for CVE-2017-12348?
The affected software for CVE-2017-12348 is Cisco Unified Computing System Central Software version 2.2(1a)a.
How can an attacker exploit CVE-2017-12348?
An attacker can exploit CVE-2017-12348 by conducting a cross-site scripting (XSS) attack or hijacking a valid session ID from a user of the affected interface.
Are there any patches or fixes available for CVE-2017-12348?
Yes, Cisco has released a security advisory with patches and fixes for CVE-2017-12348. It is recommended to update to the latest version of Cisco UCS Central Software.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/author
agent/trending
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/source
vendor/cisco
canonical/cisco ucs central software
version/cisco ucs central software/2.2\(1a\)a

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.