{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T09:49:17.863","vulnerabilities":[{"cve":{"id":"CVE-2017-12251","sourceIdentifier":"psirt@cisco.com","published":"2017-10-19T08:29:00.217","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability. This vulnerability affects Cisco Cloud Services Platform (CSP) 2100 running software release 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2. Cisco Bug IDs: CSCve64690."},{"lang":"es","value":"Una vulnerabilidad en la consola web de Cisco Cloud Services Platform (CSP) 2100 podría permitir que un atacante remoto autenticado interactúe con fines maliciosos con los servicios o máquinas virtuales que operan remotamente en un dispositivo CSP afectado. La vulnerabilidad se debe a una debilidad en la generación de ciertos mecanismos de autenticación en la URL de la consola web. Un atacante podría explotar esta vulnerabilidad navegando por una de las URL de las máquinas virtuales alojadas en Cisco CSP y visualizando patrones específicos que controlan los mecanismos de la aplicación web para el control de autenticación. Un exploit podría permitir que el atacante acceda a una máquina virtual específica en el CSP, lo que provoca una pérdida completa de la confidencialidad, integridad y disponibilidad del sistema. Esta vulnerabilidad afecta a Cisco Cloud Services Platform (CSP) 2100 cuando ejecuta las distribuciones de software 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 o 2.2.2. Cisco Bug IDs: CSCve64690."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"C1970EA0-E541-4594-84A9-39A4242FAB42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"29718258-B19E-44F4-B7CA-534371926004"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FF022130-6341-4F33-9793-FF90B86F3C6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"07544450-7C3E-40A9-A619-1544120FB6B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"0C8E19BA-5E10-4E3D-A63C-BB5643F3BBDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cloud_services_platform_2100:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4170C700-6EE6-49B9-B994-4523EE6583E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101487","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039613","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/101487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039613","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}