Cisco Secure Access Control System Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
Severity Rating: Medium
- Cisco Secure Access Control System
A vulnerability has been identified in Cisco Secure Access Control and could be exploited by remote attackers to conduct a cross-site scripting attack in the vulnerable system. The vulnerability exists in the web-based management interface of the Cisco Secure Access Control System (ACS) and is caused due to insufficient input validation of user-supplied values and a lack of encoding of user-supplied data. This vulnerability can be exploited by convincing a user to click a malicious link. This vulnerability can allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.
Users are advised to apply updates.
More information is available on:
Cisco Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street