CVE-2020-3340

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input in the web-based management interface, allowing an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack. This could enable the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The attacker would need valid administrative credentials to exploit these vulnerabilities.

Recommendations To resolve the issue, update the Cisco Identity Services Engine to a version that includes the fix for the insufficient validation of user-supplied input. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with administrative credentials until the issue is resolved.