PT-2017-17253 · Cisco · Cisco Prime Infrastructure

Published

2017-07-04

Updated

2019-07-29

CVE-2017-6699

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions 2.0(4.0.45B) through 3.1(1)

Description A reflected cross-site scripting (XSS) attack can be conducted by an unauthenticated, remote attacker against a user of the web-based management interface of an affected device.

Recommendations For versions 2.0(4.0.45B) through 3.1(1), consider disabling access to the web-based management interface until a fix is available. Restrict access to the management interface to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-6699

Affected Products

Cisco Prime Infrastructure

PT-2017-17253 · Cisco · Cisco Prime Infrastructure

CVE-2017-6699

Weakness Enumeration

Related Identifiers

Affected Products

References · 5