Cross-Site Scripting Vulnerability in Cisco Prime Data Center Network Manager
CVE-2018-0144

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Data Center Network Manager
Vendor
CVE Published:
8 March 2018

Summary

A vulnerability exists in the web-based management interface of Cisco Prime Data Center Network Manager, allowing an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue is due to the insufficient validation of user inputs within the interface. An attacker can exploit this flaw by convincing a user to click a specially crafted link, potentially leading to the execution of arbitrary script code in the user's browser context. Successful exploitation may enable attackers to gain access to sensitive information stored by the browser, compromising the security of the affected system.

Affected Version(s)

Cisco Prime Data Center Network Manager Cisco Prime Data Center Network Manager

References

http://www.securityfocus.com/bid/103327
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040469
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.