Lucene search

CiscoCISCO-SA-20151117-FIREPOWER2

HistoryNov 17, 2015 - 12:00 a.m.

Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability

2015-11-1700:00:00

tools.cisco.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

A vulnerability in the HTTP web-based management interface of Cisco Firepower 9000 devices could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system.

The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click on a specific link.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2”]

Affected configurations

Vulners

Node

ciscofirepower_extensible_operating_systemMatchany

CPENameOperatorVersion
firepower extensible operating systemeqany
cisco firepower extensible operating systemeqany

CPE	Name	Operator	Version
	firepower extensible operating system	eq	any
	cisco firepower extensible operating system	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for CISCO-SA-20151117-FIREPOWER2