CISCO : Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.105774

Category: CISCO

Title: Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

Summary: A vulnerability in the HTTP framework of Cisco Firepower Management Center; could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an; affected device.;; The vulnerability is due to insufficient filtering of output data. An attacker could exploit this; vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user; request and injecting malicious code into the request. A successful exploit could allow the attacker; to execute arbitrary script in the context of the site or access sensitive browser-based information.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.

Description: Summary:
A vulnerability in the HTTP framework of Cisco Firepower Management Center
could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an
affected device.

The vulnerability is due to insufficient filtering of output data. An attacker could exploit this
vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user
request and injecting malicious code into the request. A successful exploit could allow the attacker
to execute arbitrary script in the context of the site or access sensitive browser-based information.

Cisco has not released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1431
Cisco Security Advisory: 20160617 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.105774
Category:	CISCO
Title:	Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
Summary:	A vulnerability in the HTTP framework of Cisco Firepower Management Center; could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an; affected device.;; The vulnerability is due to insufficient filtering of output data. An attacker could exploit this; vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user; request and injecting malicious code into the request. A successful exploit could allow the attacker; to execute arbitrary script in the context of the site or access sensitive browser-based information.;; Cisco has not released software updates that address this vulnerability. There are no workarounds; that address this vulnerability.
Description:	Summary: A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an affected device. The vulnerability is due to insufficient filtering of output data. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious site or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script in the context of the site or access sensitive browser-based information. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1431 Cisco Security Advisory: 20160617 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc
Copyright	Copyright (C) 2016 Greenbone AG