Vulnerability-Lookup

CVE-2017-12344 (GCVE-0-2017-12344)

Vulnerability from cvelistv5 – Published: 2017-11-30 09:00 – Updated: 2024-08-05 18:36

Summary

Severity ?

No CVSS data available.

CWE

CWE-79

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco Data Center Network Manager Software	Affected: Cisco Data Center Network Manager Software

GHSA-5WW2-V6PW-8XX5

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601",
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-30T09:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",
  "id": "GHSA-5ww2-v6pw-8xx5",
  "modified": "2022-05-13T01:37:50Z",
  "published": "2022-05-13T01:37:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12344"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101996"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-36143

Vulnerability from cnvd - Published: 2017-12-05

Title

Cisco Data Center Network Manager Software HTTP注入漏洞

Description

Cisco Data Center Network Manager（DCNM）Software是美国思科（Cisco）公司的一套数据中心管理系统。该系统适用于Cisco Nexus和MDS系列交换机，提供存储可视化、配置和故障排除等功能。 Cisco DCNM Software中的Web界面存在HTTP注入漏洞，该漏洞源于程序未能充分的对HTTP包头参数中的值执行输入验证。远程攻击者可通过诱使用户点击恶意的链接并向HTTP消息中注入恶意的HTTP包头利用该漏洞将用户重定向到恶意的网站。

Severity

中

Patch Name

Cisco Data Center Network Manager Software HTTP注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm

Impacted products

Name
Cisco Data Center Network Manager

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101996"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12344"
    }
  },
  "description": "Cisco Data Center Network Manager\uff08DCNM\uff09Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u9002\u7528\u4e8eCisco Nexus\u548cMDS\u7cfb\u5217\u4ea4\u6362\u673a\uff0c\u63d0\u4f9b\u5b58\u50a8\u53ef\u89c6\u5316\u3001\u914d\u7f6e\u548c\u6545\u969c\u6392\u9664\u7b49\u529f\u80fd\u3002\r\n\r\nCisco DCNM Software\u4e2d\u7684Web\u754c\u9762\u5b58\u5728HTTP\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u5bf9HTTP\u5305\u5934\u53c2\u6570\u4e2d\u7684\u503c\u6267\u884c\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u6076\u610f\u7684\u94fe\u63a5\u5e76\u5411HTTP\u6d88\u606f\u4e2d\u6ce8\u5165\u6076\u610f\u7684HTTP\u5305\u5934\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7684\u7f51\u7ad9\u3002",
  "discovererName": "Indrajith.A.N",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36143",
  "openTime": "2017-12-05",
  "patchDescription": "Cisco Data Center Network Manager\uff08DCNM\uff09Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u9002\u7528\u4e8eCisco Nexus\u548cMDS\u7cfb\u5217\u4ea4\u6362\u673a\uff0c\u63d0\u4f9b\u5b58\u50a8\u53ef\u89c6\u5316\u3001\u914d\u7f6e\u548c\u6545\u969c\u6392\u9664\u7b49\u529f\u80fd\u3002\r\n\r\nCisco DCNM Software\u4e2d\u7684Web\u754c\u9762\u5b58\u5728HTTP\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u5bf9HTTP\u5305\u5934\u53c2\u6570\u4e2d\u7684\u503c\u6267\u884c\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u6076\u610f\u7684\u94fe\u63a5\u5e76\u5411HTTP\u6d88\u606f\u4e2d\u6ce8\u5165\u6076\u610f\u7684HTTP\u5305\u5934\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7684\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Data Center Network Manager Software HTTP\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Data Center Network Manager"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-04",
  "title": "Cisco Data Center Network Manager Software HTTP\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2017-12344

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12344

Aliases

CVE-2017-12344

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12344",
    "description": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",
    "id": "GSD-2017-12344"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12344"
      ],
      "details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.",
      "id": "GSD-2017-12344",
      "modified": "2023-12-13T01:21:03.399278Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-12344",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Data Center Network Manager Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Data Center Network Manager Software"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101996",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101996"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:10.2\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12344"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
            },
            {
              "name": "101996",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101996"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-10-09T23:22Z",
      "publishedDate": "2017-11-30T09:29Z"
    }
  }
}

VAR-201711-0339

Vulnerability from variot - Updated: 2025-04-20 23:25

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Cisco Data Center Network Manager (DCNM) The software contains an open redirect vulnerability. Vendors report this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 Published as.The information may be obtained and the information may be falsified. Successful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. There is an HTTP injection vulnerability in the web interface of Cisco DCNM Software. The vulnerability stems from the fact that the program does not adequately perform input validation on the values in the HTTP header parameters. Remote attackers can exploit this vulnerability to redirect users to malicious websites by enticing users to click malicious links and inject malicious HTTP headers into HTTP messages

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.2\\(1\\)"
      },
      {
        "model": "mds series multilayer directors 10.4 s0",
        "scope": "ne",
        "trust": 1.2,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "data center network manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds series multilayer directors 10.3 r",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "mds series multilayer directors 10.3 s3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "mds series multilayer directors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "950010.2(1)"
      },
      {
        "model": "data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mds series multilayer directors 11.0 s0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "mds series multilayer directors 10.4 s9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "mds series multilayer directors 10.4 s19",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "mds series multilayer directors 10.4 s11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9500"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:data_center_network_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Indrajith.A.N",
    "sources": [
      {
        "db": "BID",
        "id": "101996"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-12344",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-12344",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-102857",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-12344",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-12344",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-12344",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-1221",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-102857",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Cisco Data Center Network Manager (DCNM) The software contains an open redirect vulnerability. Vendors report this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 Published as.The information may be obtained and the information may be falsified. \nSuccessful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. There is an HTTP injection vulnerability in the web interface of Cisco DCNM Software. The vulnerability stems from the fact that the program does not adequately perform input validation on the values \u200b\u200bin the HTTP header parameters. Remote attackers can exploit this vulnerability to redirect users to malicious websites by enticing users to click malicious links and inject malicious HTTP headers into HTTP messages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12344",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "101996",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-102857",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "id": "VAR-201711-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:25:55.029000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20171129-dcnm",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
      },
      {
        "title": "Cisco Data Center Network Manager Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76839"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101996"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12344"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12344"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "BID",
        "id": "101996"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "date": "2017-11-30T09:29:00.790000",
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102857"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "101996"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-12344"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Data Center Network Manager Open redirect vulnerability in software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010416"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "101996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1221"
      }
    ],
    "trust": 0.9
  }
}

FKIE_CVE-2017-12344

Vulnerability from fkie_nvd - Published: 2017-11-30 09:29 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/101996	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101996	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	data_center_network_manager	10.2\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:data_center_network_manager:10.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6154160E-82B7-45B7-BF01-641471B436B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el software Data Center Network Manager (DCNM) de Cisco podr\u00edan permitir que un atacante remoto inyecte valores arbitrarios en los par\u00e1metros de configuraci\u00f3n de DCNM, redirija un usuario a una p\u00e1gina web maliciosa, inyecte contenido malicioso en una interfaz de cliente de DCNM o realice un ataque Cross-Site Scripting (XSS) contra un usuario del software afectado. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
    }
  ],
  "id": "CVE-2017-12344",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-30T09:29:00.790",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101996"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12344 (GCVE-0-2017-12344)

GHSA-5WW2-V6PW-8XX5

CNVD-2017-36143

GSD-2017-12344

VAR-201711-0339

FKIE_CVE-2017-12344

Tags

Sightings

Nomenclature