Lucene search

CiscoCVELIST:CVE-2022-20741

HistoryApr 06, 2022 - 6:13 p.m.

CVE-2022-20741 Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability

2022-04-0618:13:24

CWE-79

cisco

www.cve.org

cisco secure network analytics

cross-site scripting

vulnerability

web-based management interface

user-supplied input

crafted link

arbitrary script code

sensitive information

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CNA Affected

[
  {
    "product": "Cisco Secure Network Analytics",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-mCA9tQnJ