Lucene search

CiscoCISCO-SA-CPAR-STRD-XSS-A4DCVETG

HistoryNov 03, 2021 - 4:00 p.m.

Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability

2021-11-0316:00:00

tools.cisco.com

cisco

prime access registrar

vulnerability

web-based management

cross-site scripting

attack

user input

exploit

software updates

advisory

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system.

This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.

Cisco expects to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG”]

Affected configurations

Vulners

Node

ciscoprime_access_registrarMatchany

VendorProductVersionCPE
ciscoprime_access_registraranycpe:2.3:a:cisco:prime_access_registrar:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_access_registrar	any	cpe:2.3:a:cisco:prime_access_registrar:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG

EPSS

0.001

Percentile

29.2%

JSON

Related for CISCO-SA-CPAR-STRD-XSS-A4DCVETG