cisco-sa-20170215-fpmc

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

cisco-sa-20170215-fpmc · Medium · Published 9 years ago · Updated 9 years ago

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation and sanitization of user-supplied input when processing crafted URLs. An authenticated, remote attacker could exploit the vulnerability by convincing a user to follow a malicious link. Successful exploitation could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-fpmc

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2017-3847
Cisco Bug IDs	CSCvc72741
CVSS Score	Base 4.8 Base 4.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source	Cisco Firepower Management Center 6.2.1, Cisco Secure Firewall Management Center (FMC), Cisco Firepower Management Center

Related Products

Product	CVE	Evidence
Cisco Secure Firewall Management Center (FMC)	CVE-2017-3847	Cisco OpenVuln
Cisco Firepower Management Center	CVE-2017-3847	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

Workarounds

Related Products