DOM-Based Cross-Site Scripting in Cisco Secure Access Control System
CVE-2017-3838

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Secure Access Control System
Vendor
CVE Published:
22 February 2017

Summary

A vulnerability in Cisco's Secure Access Control System (ACS) exposes the web interface to potential DOM-based cross-site scripting (XSS) attacks. An unauthenticated remote attacker can exploit this flaw to execute arbitrary scripts in the context of the user's session. The vulnerability primarily affects version 5.8(2.5) of the ACS, allowing attackers to manipulate the content displayed to users, which could lead to unauthorized access or exposure of sensitive information.

Affected Version(s)

Cisco Secure Access Control System Cisco Secure Access Control System

References

http://www.securitytracker.com/id/1037835
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/96234
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.