Lucene search

CiscoCVE-2021-1374

HistoryMar 24, 2021 - 9:15 p.m.

CVE-2021-1374

2021-03-2421:15:12

CWE-79

cisco

web.nvd.nist.gov

cisco

ios xe

wireless controller

xss

vulnerability

catalyst 9000

cross-site scripting

nvd

security

web-based management interface

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by authenticating to the device as a high-privileged user, adding certain configurations with malicious code in one of its fields, and persuading another user to click on it. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.

Affected configurations

Nvd

Node

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.6.4a

ciscoios_xeMatch16.6.4s

ciscoios_xeMatch16.6.5

ciscoios_xeMatch16.6.5a

ciscoios_xeMatch16.6.5b

ciscoios_xeMatch16.6.6

ciscoios_xeMatch16.6.7

ciscoios_xeMatch16.6.7a

ciscoios_xeMatch16.6.8

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.1a

ciscoios_xeMatch16.7.1b

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.7.3

ciscoios_xeMatch16.7.4

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.9.5

ciscoios_xeMatch16.9.5f

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1c

ciscoios_xeMatch16.10.1d

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1f

ciscoios_xeMatch16.10.1g

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.10.3

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

ciscoios_xeMatch16.12.1z

ciscoios_xeMatch16.12.2

ciscoios_xeMatch16.12.2a

ciscoios_xeMatch16.12.2s

ciscoios_xeMatch16.12.2t

ciscoios_xeMatch16.12.3

ciscoios_xeMatch16.12.3a

ciscoios_xeMatch16.12.3s

ciscoios_xeMatch16.12.4

ciscoios_xeMatch16.12.4a

ciscoios_xeMatch17.1.1

ciscoios_xeMatch17.1.1a

ciscoios_xeMatch17.1.1s

ciscoios_xeMatch17.1.1t

ciscoios_xeMatch17.1.2

ciscoios_xeMatch17.2.1

ciscoios_xeMatch17.2.1a

ciscoios_xeMatch17.2.1r

ciscoios_xeMatch17.2.1v

VendorProductVersionCPE
ciscoios_xe16.6.1cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*
ciscoios_xe16.6.2cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*
ciscoios_xe16.6.3cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*
ciscoios_xe16.6.4cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*
ciscoios_xe16.6.4acpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*
ciscoios_xe16.6.4scpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*
ciscoios_xe16.6.5cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*
ciscoios_xe16.6.5acpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*
ciscoios_xe16.6.5bcpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*
ciscoios_xe16.6.6cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.6.1	cpe:2.3:o:cisco:ios_xe:16.6.1:::::::*
cisco	ios_xe	16.6.2	cpe:2.3:o:cisco:ios_xe:16.6.2:::::::*
cisco	ios_xe	16.6.3	cpe:2.3:o:cisco:ios_xe:16.6.3:::::::*
cisco	ios_xe	16.6.4	cpe:2.3:o:cisco:ios_xe:16.6.4:::::::*
cisco	ios_xe	16.6.4a	cpe:2.3:o:cisco:ios_xe:16.6.4a:::::::*
cisco	ios_xe	16.6.4s	cpe:2.3:o:cisco:ios_xe:16.6.4s:::::::*
cisco	ios_xe	16.6.5	cpe:2.3:o:cisco:ios_xe:16.6.5:::::::*
cisco	ios_xe	16.6.5a	cpe:2.3:o:cisco:ios_xe:16.6.5a:::::::*
cisco	ios_xe	16.6.5b	cpe:2.3:o:cisco:ios_xe:16.6.5b:::::::*
cisco	ios_xe	16.6.6	cpe:2.3:o:cisco:ios_xe:16.6.6:::::::*

Rows per page:

1-10 of 891

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-xss-cAfMtCzv

Social References

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Related for CVE-2021-1374