Security Lab

Cross-site scripting in Cisco products

Published: 20.03.2007
Modified: 19.03.2007
Total views: 1856
Severity: Low
Fix available: No
Number of vulnerabilities: 1
CVE ID: No data
Exploitation vector: Remote
Impact: Cross-site scripting
CWE ID: No data
Exploit available: No data
Affected products: Cisco VPN Client 2.x
Cisco VPN 5000 Client 5.x
CiscoWorks Common Services Software 2.x
CiscoWorks Common Services Software 1.x
Cisco Network Analysis Module (NAM) 3.x
Cisco Unified CallManager 3.x
Cisco Unified Communications Manager 4.x
CiscoWorks Monitoring Center for Security 1.x
CiscoWorks Monitoring Center for Security 2.x
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
Cisco 2000 Series Wireless LAN Controller
CiscoWorks Common Services Software 3.x
Cisco Secure ACS 4.x
Cisco Unified Communications Manager 5.x
CiscoWorks Campus Manager 3.x
CiscoWorks Campus Manager 4.x
CiscoWorks Internetwork Performance Monitor (IPM) 2.x
Cisco Unified CallManager 4.x
Cisco Unified CallManager 5.x
Cisco Secure ACS Solution Engine 4.x
Cisco Unified Personal Communicator 1.x
Cisco Unified MeetingPlace 5.x
Cisco Unified MeetingPlace 4.x
Cisco Unified MeetingPlace 6.x
Cisco Unified MeetingPlace Express 2.x
Cisco Unified MeetingPlace Express 1.x
Cisco IP Communicator 1.x
Cisco IP Communicator 2.x
Cisco Unified Video Advantage 2.x
Cisco Unified Videoconferencing 3500 Series Products
Cisco WAN Manager (CWM) 15.x
Cisco WAN Manager (CWM) 12.x
Cisco WAN Manager (CWM) 11.x
Cisco WAN Manager (CWM) 10.x
Cisco Router and Security Device Manager (SDM)
Affected versions:
Cisco 2000 Series Wireless LAN Controller
Cisco Unified Videoconferencing 3500 Series Products
Cisco Secure ACS Solution Engine 4.x
CiscoWorks Monitoring Center for Security 1.x
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
CiscoWorks Internetwork Performance Monitor (IPM) 2.x
CiscoWorks Common Services Software 3.x
CiscoWorks Common Services Software 2.x
CiscoWorks Common Services Software 1.x
CiscoWorks Campus Manager 4.x
CiscoWorks Campus Manager 3.x
Cisco WAN Manager (CWM) 15.x
Cisco WAN Manager (CWM) 12.x
Cisco WAN Manager (CWM) 11.x
Cisco WAN Manager (CWM) 10.x
Cisco VPN Client 2.x
Cisco VPN 5000 Client 5.x
Cisco Unified Video Advantage 2.x
Cisco Unified Personal Communicator 1.x
Cisco Unified MeetingPlace Express 2.x
Cisco Unified MeetingPlace Express 1.x
Cisco Unified MeetingPlace 6.x
Cisco Unified MeetingPlace 5.x
Cisco Unified MeetingPlace 4.x
Cisco Unified CallManager 5.x
Cisco Unified CallManager 4.x
Cisco Secure ACS 4.x
Cisco IP Communicator 2.x
Cisco IP Communicator 1.x
Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)
Cisco CallManager 5.x
Cisco CallManager 4.x
Cisco CallManager 3.x
CiscoWorks Monitoring Center for Security 2.x
Cisco Router and Security Device Manager (SDM)

Description:
The vulnerability allows a remote user to conduct an XSS attack.

The vulnerability exists due to insufficient handling of input data in the search code in PreSearch.html or PreSearch.class (depending on the software and device). A remote user can use a specially crafted request to execute arbitrary script code in the victim's browser in the security context of the vulnerable site.
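
A log check for the requests described above, as an added example that is not part of the original advisory or of Cisco's code: it flags access-log requests to PreSearch.html or PreSearch.class whose query string contains markup characters after URL decoding, including double-encoded input. The log format, the `/help/` path, the `text` parameter and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Search pages named in the advisory, compared case-insensitively.
SEARCH_PAGES = ("presearch.html", "presearch.class")
# Request field of a common/combined log format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a help-search term does not need but markup injection does
# (assumed heuristic; tune for your environment).
MARKUP_RE = re.compile(r'[<>"\']')


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_requests(log_lines):
    """Return (line_number, decoded_query) for flagged search-page requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.lower().endswith(SEARCH_PAGES):
            continue
        query = decode_fully(parts.query)
        if MARKUP_RE.search(query):
            hits.append((number, query))
    return hits


# Constructed sample lines; the /help/ path and "text" parameter are assumed.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2007:10:00:01 +0000] "GET /help/PreSearch.html?text=vlan+trunk HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Mar/2007:10:00:05 +0000] "GET /help/PreSearch.html?text=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [20/Mar/2007:10:00:09 +0000] "GET /help/PreSearch.class?text=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [20/Mar/2007:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, query in suspicious_search_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

Hits from this check indicate probing or attempted use of the search pages and are a prompt to review the affected host, not proof that a script ran in anyone's browser.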

Vendor URL: www.cisco.com

Solution: To fix the vulnerability, follow the vendor's instructions.

References: Cisco Security Response: Cross-Site Scripting Vulnerability in Online Help System