Cisco Secure Network Analytics Vulnerability Could Lead to XSS Attacks
CVE-2022-20663

6.1 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2024

Summary

A vulnerability exists within the web-based management interface of Cisco Secure Network Analytics, which may permit unauthenticated, remote attackers to launch cross-site scripting (XSS) attacks against interface users. This flaw results from inadequate validation of user input handled by the affected software's management interface. Attackers can exploit this vulnerability by convincing users to click on specially crafted links. Successful exploitation may enable attackers to execute arbitrary scripts within the context of the interface or obtain sensitive browser-based information. Cisco has issued software updates to remediate this vulnerability, with no alternative workarounds available.

Affected Version(s)

Cisco Secure Network Analytics

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
