JVN#28344798 Cisco IOS cross-site scripting vulnerability

2009-01-15T00:00:00
ID JVN:28344798
Type jvn
Reporter Japan Vulnerability Notes
Modified 2009-01-15T00:00:00

Description

## Description

Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
Apply the latest firmware provided by Cisco.

Workaround
The users who are not able to update to the latest firmware should disable the web-based interface to mitigate this vulnerability.

## Products Affected

  • A wide range of versions are affected.

If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default.
For more information, refer to the information provided by Cisco.