var-201711-0341
Vulnerability from variot
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be obtained and information may be altered. Successful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.2\\(1\\)"
},
{
"model": "mds series multilayer directors 10.4 s0",
"scope": "ne",
"trust": 1.2,
"vendor": "cisco",
"version": "9500"
},
{
"model": "data center network manager",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "mds series multilayer directors 10.3 r",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.3 s3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "950010.2(1)"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds series multilayer directors 11.0 s0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s19",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s11",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
}
],
"sources": [
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:10.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Indrajith.A.N",
"sources": [
{
"db": "BID",
"id": "101996"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12346",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-102859",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12346",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12346",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1219",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102859",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be obtained and information may be altered. \nSuccessful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "VULHUB",
"id": "VHN-102859"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12346",
"trust": 2.8
},
{
"db": "BID",
"id": "101996",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102859",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102859"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"id": "VAR-201711-0341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102859"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:44:20.995000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171129-dcnm",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm"
},
{
"title": "Cisco Data Center Network Manager Software Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76837"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101996"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12346"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12346"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102859"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102859"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102859"
},
{
"date": "2017-11-29T00:00:00",
"db": "BID",
"id": "101996"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"date": "2017-11-30T09:29:00.853000",
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102859"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101996"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"date": "2019-10-09T23:22:59.373000",
"db": "NVD",
"id": "CVE-2017-12346"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Data Center Network Manager Software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010418"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1219"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.