Cisco IOS XE Software Multiple Cross Site Scripting Vulnerabilities

Cisco IOS XE Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize the user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

These issues are being tracked by Cisco Bug IDs CSCuz38591, CSCvb09530, and CSCvb10022.

Information

Bugtraq ID: 103551
Class: Input Validation Error
CVE: CVE-2018-0186
CVE-2018-0188
CVE-2018-0190

Remote: Yes
Local: No
Published: Mar 28 2018 12:00AM
Updated: Mar 28 2018 12:00AM
Credit: Cisco
Vulnerable: Cisco IOS XE Software 0
Cisco Ios 16.2
Cisco Ios 16.1.2
Cisco Ios 16.3(0)

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

• Cisco Homepage (Cisco )
  
• Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities (Cisco)
  

Source: www.securityfocus.com