Cisco Prime Access Registrar Appliance Vulnerability Could Lead to Cross-Site Scripting Attacks
CVE-2022-20626

5.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Access Registrar
Vendor
CVE Published:
15 November 2024

Summary

A vulnerability exists in the web-based management interface of the Cisco Prime Access Registrar Appliance that permits authenticated remote attackers to initiate cross-site scripting (XSS) attacks against users of the interface. This issue arises from inadequate validation of user-supplied input, enabling attackers to exploit the vulnerability by enticing users to click on a specially crafted link. If successfully exploited, this vulnerability could allow attackers to execute arbitrary script code within the context of the interface or gain access to sensitive information stored in the browser. Cisco has released software updates to mitigate this vulnerability; however, no workarounds are available.

Affected Version(s)

Cisco Prime Access Registrar 6.0.2.4

Cisco Prime Access Registrar 6.0.1.2

Cisco Prime Access Registrar 6.0.2.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.