Vigil@nce - Cisco IOS, IOS XE: Cross Site Scripting via Cisco Local Manager
November 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting via Cisco Local
Manager of Cisco IOS and IOS XE, in order to run JavaScript code
in the context of the web site.
Impacted products: Cisco Catalyst, IOS by Cisco, IOS XE Cisco,
Cisco Router.
Severity: 2/4.
Creation date: 15/09/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS and IOS XE product offers a Cisco Local Manager
service.
However, it does not filter received data before inserting them in
generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Cisco
Local Manager of Cisco IOS and IOS XE, in order to run JavaScript
code in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN