Межсайтовый скриптинг в продуктах Cisco

Дата публикации:
20.03.2007
Дата изменения:
19.03.2007
Всего просмотров:
1588
Опасность:
Низкая
Наличие исправления:
Нет
Количество уязвимостей:
1
CVSSv2 рейтинг:
CVE ID:
Нет данных
Вектор эксплуатации:
Удаленная
Воздействие:
Межсайтовый скриптинг
CWE ID:
Нет данных
Наличие эксплоита:
Нет данных
Уязвимые продукты:
Cisco VPN Client 2.x
Cisco VPN 5000 Client 5.x
CiscoWorks Common Services Software 2.x
CiscoWorks Common Services Software 1.x
Cisco Network Analysis Module (NAM) 3.x
Cisco Unified CallManager 3.x
Cisco Unified Communications Manager 4.x
CiscoWorks Monitoring Center for Security 1.x
CiscoWorks Monitoring Center for Security 2.x
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
Cisco 2000 Series Wireless LAN Controller
CiscoWorks Common Services Software 3.x
Cisco Secure ACS 4.x
Cisco Unified Communications Manager 5.x
CiscoWorks Campus Manager 3.x
CiscoWorks Campus Manager 4.x
CiscoWorks Internetwork Performance Monitor (IPM) 2.x
Cisco Unified CallManager 4.x
Cisco Unified CallManager 5.x
Cisco Secure ACS Solution Engine 4.x
Cisco Unified Personal Communicator 1.x
Cisco Unified MeetingPlace 5.x
Cisco Unified MeetingPlace 4.x
Cisco Unified MeetingPlace 6.x
Cisco Unified MeetingPlace Express 2.x
Cisco Unified MeetingPlace Express 1.x
Cisco IP Communicator 1.x
Cisco IP Communicator 2.x
Cisco Unified Video Advantage 2.x
Cisco Unified Videoconferencing 3500 Series Products
Cisco WAN Manager (CWM) 15.x
Cisco WAN Manager (CWM) 12.x
Cisco WAN Manager (CWM) 11.x
Cisco WAN Manager (CWM) 10.x
Cisco Router and Security Device Manager (SDM)
Уязвимые версии:
Cisco 2000 Series Wireless LAN Controller
Cisco Unified Videoconferencing 3500 Series Products
Cisco Secure ACS Solution Engine 4.x
CiscoWorks Monitoring Center for Security 1.x
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
CiscoWorks Internetwork Performance Monitor (IPM) 2.x
CiscoWorks Common Services Software 3.x
CiscoWorks Common Services Software 2.x
CiscoWorks Common Services Software 1.x
CiscoWorks Campus Manager 4.x
CiscoWorks Campus Manager 3.x
Cisco WAN Manager (CWM) 15.x
Cisco WAN Manager (CWM) 12.x
Cisco WAN Manager (CWM) 11.x
Cisco WAN Manager (CWM) 10.x
Cisco VPN Client 2.x
Cisco VPN 5000 Client 5.x
Cisco Unified Video Advantage 2.x
Cisco Unified Personal Communicator 1.x
Cisco Unified MeetingPlace Express 2.x
Cisco Unified MeetingPlace Express 1.x
Cisco Unified MeetingPlace 6.x
Cisco Unified MeetingPlace 5.x
Cisco Unified MeetingPlace 4.x
Cisco Unified CallManager 5.x
Cisco Unified CallManager 4.x
Cisco Secure ACS 4.x
Cisco IP Communicator 2.x
Cisco IP Communicator 1.x
Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)
Cisco CallManager 5.x
Cisco CallManager 4.x
Cisco CallManager 3.x
CiscoWorks Monitoring Center for Security 2.x
Cisco Router and Security Device Manager (SDM)

Описание:
Уязвимость позволяет удаленному пользователю произвести XSS нападение.

Уязвимость существует из-за недостаточной обработки входных данных в коде поиска в PreSearch.html или PreSearch.class (в зависимости от ПО и устройства). Удаленный пользователь может с помощью специально сформированного запроса выполнить произвольный код сценария в браузере жертвы в контексте безопасности уязвимого сайта.

URL производителя: www.cisco.com

Решение: Для устранения уязвимости следуйте инструкциям производителя.

Ссылки: Cisco Security Response: Cross-Site Scripting Vulnerability in Online Help System

или введите имя

CAPTCHA