Cisco Building Broadband Service Manager (BBSM) 5.3 SP2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability exists due to an input validation error in certain web pages associated with the BBSM web interface. An attacker could exploit this vulnerability by convincing an authenticated user to follow a crafted link designed to conduct the cross-site scripting attack. Successful exploits could allow the attacker to execute arbitrary script code on the system with the privileges of the targeted user.
Proof-of-concept URLs are available to demonstrate this vulnerability.
Cisco confirmed this vulnerability in a Cisco bug ID and released a patch to correct it.
Social engineering tactics must be employed to exploit this vulnerability because the attacker must convince a user to follow a malicious link sent via e-mail or other forms of messaging. Attackers cannot exploit this vulnerability directly and must rely on user interaction, reducing the likelihood of an attack.
Attackers may be able to gain access to user cookies and recently submitted data. The attacker may also be able to take actions as the targeted user on the affected software.