CISCO : Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105774

Categoría: CISCO

Título: Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

Resumen: A vulnerability in the HTTP framework of Cisco Firepower Management Center; could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an; affected device.;; The vulnerability is due to insufficient filtering of output data. An attacker could exploit this; vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user; request and injecting malicious code into the request. A successful exploit could allow the attacker; to execute arbitrary script in the context of the site or access sensitive browser-based information.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.

Descripción: Summary:
A vulnerability in the HTTP framework of Cisco Firepower Management Center
could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an
affected device.

The vulnerability is due to insufficient filtering of output data. An attacker could exploit this
vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user
request and injecting malicious code into the request. A successful exploit could allow the attacker
to execute arbitrary script in the context of the site or access sensitive browser-based information.

Cisco has not released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1431
Cisco Security Advisory: 20160617 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105774
Categoría:	CISCO
Título:	Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
Resumen:	A vulnerability in the HTTP framework of Cisco Firepower Management Center; could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an; affected device.;; The vulnerability is due to insufficient filtering of output data. An attacker could exploit this; vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user; request and injecting malicious code into the request. A successful exploit could allow the attacker; to execute arbitrary script in the context of the site or access sensitive browser-based information.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.
Descripción:	Summary: A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an affected device. The vulnerability is due to insufficient filtering of output data. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script in the context of the site or access sensitive browser-based information. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1431 Cisco Security Advisory: 20160617 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc
Copyright	Copyright (C) 2016 Greenbone Networks GmbH