Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities

2020-11-1816:00:00

tools.cisco.com

cisco

iot

field network director

cross-site scripting

vulnerabilities

web ui

unauthenticated

remote attacker

xss attacks

user-supplied input

software updates

security advisory

browser-based.

EPSS

0.001

Percentile

47.0%

JSON

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system.

The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-XSS-NzOPCGEc [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-XSS-NzOPCGEc”]

Affected configurations

Vulners

Node

ciscocisco_iot_field_network_director_\(iot-fnd\)Matchany

VendorProductVersionCPE
ciscocisco_iot_field_network_director_\(iot-fnd\)anycpe:2.3:a:cisco:cisco_iot_field_network_director_\(iot-fnd\):any:*:*:*:*:*:*:*