4 matches found
CVE-2017-12251
The CVE-2017-12251 issue affects Cisco Cloud Services Platform (CSP) 2100 running software releases 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2. The vulnerability arises from weaknesses in the generation of authentication mechanisms in the CSP web console URL, enabling an authenticated, remote at...
CVE-2018-0394
Cisco Cloud Services Platform 2100 has a web upload function input-validation vulnerability that allows an authenticated, remote attacker to inject code and obtain restricted shell access. Root cause: insufficient validation of parameters in a UI function. Impact: restricted shell access on affec...
CVE-2016-6373
Cisco Cloud Services Platform (CSP) 2100 web GUI vulnerability (CVE-2016-6373) affects CSP2100 2100 series running 2.0 and 2.x prior to 2.1.0. An authenticated remote attacker can inject commands via crafted platform requests to execute arbitrary OS commands with root privileges. The issue stems ...
CVE-2016-6374
CVE-2016-6374 affects Cisco Cloud Services Platform (CSP) 2100, specifically 2.x prior to 2.1.0, where an unauthenticated, remote attacker can exploit a web GUI input sanitization flaw to execute arbitrary code via a crafted dnslookup HTTP request. Root cause: improper sanitization of user-suppli...