CVE-2019-1643

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This could enable the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The exploitation may occur when a user of the interface clicks a maliciously crafted link.

Recommendations For all affected versions of Cisco Prime Infrastructure, consider implementing input validation mechanisms to prevent malicious input from being processed by the web-based management interface. As a temporary workaround, restrict access to the web-based management interface to minimize the risk of exploitation. Avoid clicking on suspicious or unfamiliar links within the interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.