Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-104


Cisco Secure Access Control System Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
Severity Rating: Medium
Systems Affected:
  • Cisco Secure Access Control System
Description
A vulnerability has been identified in Cisco Secure Access Control and could be exploited by remote attackers to conduct a cross-site scripting attack in the vulnerable system. The vulnerability exists in the web-based management interface of the Cisco Secure Access Control System (ACS) and is caused due to insufficient input validation of user-supplied values and a lack of encoding of user-supplied data. This vulnerability can be exploited by convincing a user to click a malicious link. This vulnerability can allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.
Solution
Users are advised to apply updates.
More information is available on:
Vendor Information
Cisco
 
CVE Information
References
Security Tracker
Cisco Security Bulletin
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis