====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN308
_____________________________________________________________________

DATE                : 19/10/2017

HARDWARE PLATFORM(S): Cisco Cloud Services Platform.

OPERATING SYSTEM(S): Cisco Cloud Services Platform software prior to
                        version 2.2.3.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs
____________________________________________________________________

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Unauthorized
Access Vulnerability

Advisory ID: cisco-sa-20171018-ccs

Revision: 1.0

For Public Release: 2017 October 18 16:00 GMT

Last Updated: 2017 October 18 16:00 GMT

CVE ID(s): CVE-2017-12251

CVSS Score v(3): 9.9 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web console of the Cisco Cloud Services Platform
(CSP) 2100 could allow an authenticated, remote attacker to interact
maliciously with the services or virtual machines (VMs) operating
remotely on an affected CSP device.

The vulnerability is due to weaknesses in the generation of certain
authentication mechanisms in the URL of the web console. An attacker
could exploit this vulnerability by browsing to one of the hosted VMs'
URLs in Cisco CSP and viewing specific patterns that control the web
application's mechanisms for authentication control. An exploit could
allow the attacker to access a specific VM on the CSP, which causes a
complete loss of the system's confidentiality, integrity, and
availability.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================