SymmetricalDataSecurity: Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

Thursday, March 3, 2016

Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of a user-supplied value in the Device Management user interface (UI). An attacker could exploit this vulnerability by persuading a user to click a specific link.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1LVjJqp A vulnerability in the HTTP web-based management interface of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

The vulnerability is due to insufficient input validation of a user-supplied value in the Device Management user interface (UI). An attacker could exploit this vulnerability by persuading a user to click a specific link.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/1LVjJqp
Security Impact Rating: Medium
CVE: CVE-2016-1355

from Cisco Security Advisory http://ift.tt/1LVjJqp

SymmetricalDataSecurity

Thursday, March 3, 2016

Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews