Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager
CVE-2017-6699

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Infrastructure And Evolved Programmable Network Manager
Vendor
CVE Published:
4 July 2017

Summary

A vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network Manager that allows unauthenticated remote attackers to execute reflected cross-site scripting (XSS) attacks. This can result in the injection of malicious scripts into the web page viewed by users, potentially compromising their data and interactions with the management interface. The vulnerability is particularly concerning as it affects versions 3.1(1) and 2.0(4.0.45B) of the affected products, highlighting the need for prompt mitigation to secure sensitive management tasks.

Affected Version(s)

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cisco Prime Infrastructure and Evolved Programmable Network Manager

References

http://www.securitytracker.com/id/1038751
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99221
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.