CVE-2019-12702

Name of the Vulnerable Software and Affected Versions Cisco SPA100 Series (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an attacker to conduct cross-site scripting attacks. This could enable a remote attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information by persuading a user to click a crafted link.

Recommendations For Cisco SPA100 Series, consider restricting access to the web-based management interface until a patch is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation.