Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

2020-01-2216:00:00

tools.cisco.com

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss”]

Affected configurations

Vulners

Node

ciscocisco_550x_series_stackable_managed_switchesMatchany

ciscocisco_small_business_250_series_smart_switches_softwareMatchany

ciscocisco_small_business_350_series_managed_switches_softwareMatchany

ciscociscoMatch550x_series_stackable_managed_switches

ciscosmall_business_srp541wMatch250_series_smart_switches_software

ciscosmall_business_srp541wMatch350_series_managed_switches_software

VendorProductVersionCPE
ciscocisco_550x_series_stackable_managed_switchesanycpe:2.3:a:cisco:cisco_550x_series_stackable_managed_switches:any:*:*:*:*:*:*:*
ciscocisco_small_business_250_series_smart_switches_softwareanycpe:2.3:a:cisco:cisco_small_business_250_series_smart_switches_software:any:*:*:*:*:*:*:*
ciscocisco_small_business_350_series_managed_switches_softwareanycpe:2.3:a:cisco:cisco_small_business_350_series_managed_switches_software:any:*:*:*:*:*:*:*
ciscocisco550x_series_stackable_managed_switchescpe:2.3:a:cisco:cisco:550x_series_stackable_managed_switches:*:*:*:*:*:*:*
ciscosmall_business_srp541w250_series_smart_switches_softwarecpe:2.3:h:cisco:small_business_srp541w:250_series_smart_switches_software:*:*:*:*:*:*:*
ciscosmall_business_srp541w350_series_managed_switches_softwarecpe:2.3:h:cisco:small_business_srp541w:350_series_managed_switches_software:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_550x_series_stackable_managed_switches	any	cpe:2.3:a:cisco:cisco_550x_series_stackable_managed_switches:any:::::::*
cisco	cisco_small_business_250_series_smart_switches_software	any	cpe:2.3:a:cisco:cisco_small_business_250_series_smart_switches_software:any:::::::*
cisco	cisco_small_business_350_series_managed_switches_software	any	cpe:2.3:a:cisco:cisco_small_business_350_series_managed_switches_software:any:::::::*
cisco	cisco	550x_series_stackable_managed_switches	cpe:2.3:a:cisco:cisco:550x_series_stackable_managed_switches:::::::*
cisco	small_business_srp541w	250_series_smart_switches_software	cpe:2.3:h:cisco:small_business_srp541w:250_series_smart_switches_software:::::::*
cisco	small_business_srp541w	350_series_managed_switches_software	cpe:2.3:h:cisco:small_business_srp541w:350_series_managed_switches_software:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss

EPSS

0.002

Percentile

51.5%

JSON

Related for CISCO-SA-20200122-SBSMS-XSS