#VU62334 Stored cross-site scripting in Cisco Systems, Inc Operating systems & Components


Published: 2022-04-14

Vulnerability identifier: #VU62334

Vulnerability risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20725

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
800 Series Industrial Integrated Services Routers
Other software / Other software solutions
Industrial Ethernet 4000 Series Switches
Other software / Other software solutions
800 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco 1000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
4000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco ASR 1000 Series Aggregation Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 9x00 Series Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst IE3400 Rugged Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
Embedded Services 3300 Series Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc
IR510 WPAN Industrial Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
IC3000 Industrial Compute Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc
CGR1000 Compute Modules
Hardware solutions / Firmware
Cisco IOx
Hardware solutions / Firmware
Cisco IOS XE
Operating systems & Components / Operating system
Cisco IOS
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based Local Manager interface. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

800 Series Industrial Integrated Services Routers: All versions

800 Series Integrated Services Routers: All versions

CGR1000 Compute Modules: All versions

Industrial Ethernet 4000 Series Switches: All versions

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Cisco ASR 1000 Series Aggregation Services Routers: All versions

Catalyst 9x00 Series Switches: All versions

Catalyst IE3400 Rugged Series: All versions

Embedded Services 3300 Series Switches: All versions

IR510 WPAN Industrial Routers: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Cisco IOx Application Hosting Environment