CVE-2022-20647

Name of the Vulnerable Software and Affected Versions Cisco Security Manager (affected versions not specified) Cisco Secure Network Analytics (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This can be achieved by persuading a user to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The vulnerability is also associated with inadequate protection of the web page structure.

Recommendations For Cisco Security Manager, consider restricting access to the web-based management interface until a fix is available. For Cisco Secure Network Analytics, as a temporary workaround, consider disabling the web-based interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.