CVSS2: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.897 High
EPSS Percentile: 98.8%

Cisco Unified Operations Manager contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
The vulnerability is due to improper validation of user input supplied to the Common Services Device Center component used by the affected application. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious link. If successful, the attacker could conduct cross-site scripting attacks and access sensitive information.
Exploit code is available.
Cisco has confirmed this vulnerability; however, software updates are not available.
An attacker cannot directly exploit this vulnerability and instead must rely on user participation to accomplish an exploit. The attacker must convince a user to view a malicious link. The attacker may provide links to users in e-mail or instant messages or by posting links to public websites. When followed, the malicious link may trigger the vulnerability and allow the attacker to access sensitive information that may include user credentials. Attackers could use the information gained from the attack to launch further attacks against a targeted system.
This vulnerability was discovered and reported to Cisco Systems by Brett Gervasoni of Sense of Security.
CPE Name | Operator | Version |
---|---|---|
cisco unified operations manager | eq | any |