Cross-site Scripting Vulnerability in Cisco IronPort Encryption Appliance
CVE-2012-0340

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Encryption Appliance
Vendor: CVE Published:; 13 February 2012

Summary

The Cisco IronPort Encryption Appliance is susceptible to a cross-site scripting (XSS) vulnerability in its management interface. This weakness allows remote attackers to inject malicious web scripts or HTML into web pages viewed by administrative users. Specifically, unvalidated input in the header parameter of the default URI under the admin section enables exploitation, potentially leading to unauthorized access or data exposure. Users are advised to upgrade to software version 6.5.3 or later to mitigate this risk.

References

http://www.secureworks.com/research/advisories/SWRX-2012-...

x_refsource_MISC

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 13, 2012
Vulnerability Reserved
Jan 4, 2012