Vulnerability Details CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.securityfocus.com/bid/102018
- http://www.securitytracker.com/id/1039924
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
- http://www.securityfocus.com/bid/102018
- http://www.securitytracker.com/id/1039924
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
Products affected by CVE-2017-12348
-
cpe:2.3:a:cisco:unified_computing_system_central_software:2.2(1a)a