Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability
CVE-2019-15253

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Digital Network Architecture Center (dna Center)
Vendor
CVE Published:
5 February 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.

Affected Version(s)

Cisco Digital Network Architecture Center (DNA Center) 1.3.0.6

Cisco Digital Network Architecture Center (DNA Center) 1.3.1.4

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://packetstormsecurity.com/files/157668/Cisco-Digital...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.