CVE-2017-3848

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure version 2.2(2) Cisco Prime Infrastructure versions prior to 3.1(0.0)

Description A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The issue exists due to insufficient protection of the web page structure.

Recommendations For version 2.2(2), update to version 3.1(0.0) or later to resolve the issue. For versions prior to 3.1(0.0), update to version 3.1(0.0) or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP web-based management interface until a patch is available.