CVE-2017-6782

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure version 3.2(0.0)

Description A vulnerability in the administrative web interface could allow an authenticated, remote attacker to modify a page in the web interface. The issue is due to improper sanitization of parameter values. An attacker could exploit this by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code.

Recommendations For Cisco Prime Infrastructure version 3.2(0.0), consider restricting access to the administrative web interface until a fix is available. As a temporary workaround, avoid using parameters that could be used to inject malicious code into the web interface.