PT-2017-12427 · Cisco · Cisco Cloud Services Platform (CSP) 2100
Published: 2017-10-19 · Updated: 2019-10-09 · CVE-2017-12251
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Cloud Services Platform (CSP) 2100 versions 2.1.0 through 2.2.2
Description
A weakness in the generation of certain authentication mechanisms in the URL of the web console could allow an authenticated, remote attacker to interact maliciously with services or virtual machines operating on an affected device. The attacker could exploit this by browsing to a hosted VM's URL and viewing specific patterns that control the web application's authentication mechanisms. This could allow the attacker to access a specific VM, resulting in a complete loss of the system's confidentiality, integrity, and availability.
Recommendations
For Cisco Cloud Services Platform (CSP) 2100 versions 2.1.0 through 2.2.2, consider restricting access to the web console until a fix is available. As a temporary workaround, limit interactions with the services or virtual machines operating on the affected CSP device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Affected Products
Cisco Cloud Services Platform (CSP) 2100