Executive Summary

Summary
Title Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability
Informations
Name cisco-sa-20171018-ccs First vendor Publication 2017-10-18
Vendor Cisco Last vendor Modification 2017-10-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device.

The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZ53tLZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmx5A/8DT9waYqvQjTBPYNe kbWKLIPgpfu0C58S9AfIP+2XV+0lVo9k1HnoDJmZfH6VC+c6/MxG5RkSMi2oNYVV 3GdQxerM8iCV7UmousbFStgpe5xGMidEKkAzLxxl9BjNjRnR70GlDneBkz7/sw3I CPYp7UPMCWlc7Bnfu56erMHue8RWOCTz68FCDnasZasWGigjmJNOy8f6bICkTkdS tY+x40E9E2zuFx3RCYFp+Mpn69oQhig/6+EUy6qTZjpsSpvvPSCEgUqdAsT2+zML 2zCKarFjs5k6oAYr2fJ6cOX11JtIlrQGj2Be0LUOVLXPibyw4sVRYAw0OZl2fc4C EBkGANYAxPoTEsRHn2q5IoDB9lIZdarNtX8Ys42wwjpX5eybMsuBd1glwmmNjqkc DIyGzwQCBN5nBH54xmm9pRB1o7wOKV3Y1okdn6a47s89XEwlKh8SxXYASEEeyn33 c+Xerp4DKVfd30BchK39cYiKnGyngYNep20HDCRP3ZBfAxtVvRtwBn4HeOfqgDlI 5ZESStXFEoDAkm3YjBLLRAKYIcFxYOquBmHvcpAvuC7i0GQ50ys77lrEMNbIx9FJ 4M2mE1MPoQByYpFQtWtTDpUfP3rmAua8oB80ydoMgHpZAyo6amQsdVnai0CduLHX B9ZyxahXTjfoDuEbgeHVY5GrDzQ= =nCrT END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2017-11-06 21:28:26
  • Multiple Updates
2017-10-19 13:26:39
  • Multiple Updates
2017-10-18 21:22:37
  • First insertion