CVE-2017-6611

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure version 2.2(2)

Description A vulnerability in the web framework code could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The issue is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this by convincing the user to access a malicious link or by intercepting the user request and injecting malicious code. This could allow the attacker to execute arbitrary script code in the context of the affected site or access sensitive browser-based information.

Recommendations For Cisco Prime Infrastructure version 2.2(2), update to a version that includes the fix for Cisco Bug ID CSCuw65830 to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the web interface until the issue is resolved.