PT-2019-2294 · Cisco · Cisco Nx-Os
Published: 2019-05-15 · Updated: 2019-10-09
CVE-2019-1733
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS Software (affected versions not specified)
Description
A vulnerability in the NX API (NX-API) Sandbox interface could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The issue is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface.
Recommendations
Cisco has released software updates that address this vulnerability. Update Cisco NX-OS Software to a version that includes the fix.
As a temporary workaround, consider restricting access to the NX-API Sandbox interface until a patch is applied.
Fix
RCE
XSS
Related Identifiers
Affected Products
Cisco Nx-Os
Cisco Nexus