Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks.   The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit these vulnerabilities by persuading a user to click a crafted URL that is designed to submit malicious code to the affected software. Cisco has confirmed the vulnerabilities; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Administrators are advised to contact the vendor regarding future updates and releases.

Users should verify that unsolicited links are safe to follow.

For additional information about XSS attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectorshttp://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20060922-understanding-xss.html .

Administrators are advised to monitor affected systems.