VAR-201711-0342
Vulnerability from variot - Updated: 2025-04-20 23:25Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be obtained and information may be altered. Successful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.2\\(1\\)"
},
{
"model": "mds series multilayer directors 10.4 s0",
"scope": "ne",
"trust": 1.2,
"vendor": "cisco",
"version": "9500"
},
{
"model": "data center network manager",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "mds series multilayer directors 10.3 r",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.3 s3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "950010.2(1)"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds series multilayer directors 11.0 s0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s19",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
},
{
"model": "mds series multilayer directors 10.4 s11",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9500"
}
],
"sources": [
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:data_center_network_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Indrajith.A.N",
"sources": [
{
"db": "BID",
"id": "101996"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-12347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-102860",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12347",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12347",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12347",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1218",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102860",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. Vendors have confirmed this vulnerability Bug ID CSCvf40477 , CSCvf63150 , CSCvf68218 , CSCvf68235 ,and CSCvf68247 It is released as.Information may be obtained and information may be altered. \nSuccessful exploits will allow attackers to execute arbitrary code within the context of the affected system, manipulate and spoof content, insert a crafted HTTP header into an HTTP response to cause a web page redirection to a possible malicious website, and/or to execute arbitrary HTML or script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; this may aid in launching further attacks. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12347"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "VULHUB",
"id": "VHN-102860"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12347",
"trust": 2.8
},
{
"db": "BID",
"id": "101996",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102860",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102860"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"id": "VAR-201711-0342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102860"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:54.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171129-dcnm",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
},
{
"title": "Cisco Data Center Network Manager Software Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76836"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-dcnm"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101996"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12347"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12347"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102860"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102860"
},
{
"db": "BID",
"id": "101996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102860"
},
{
"date": "2017-11-29T00:00:00",
"db": "BID",
"id": "101996"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"date": "2017-11-30T09:29:00.887000",
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102860"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101996"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1218"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Data Center Network Manager Software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010419"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1218"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…