CVE-2022-20659 An attacker could conduct a XSS attack against users of iPM and EPN Manager.

CVE-2022-20659 An attacker could conduct a XSS attack against users of iPM and EPN Manager.

Note that the Evolved XMPP Core (Xmcc) is an open source project that is not owned or controlled by Cisco. There are no known mitigation strategies for the Xmcc open source project. For information regarding the Evolved XMPP Core, consult with the Xmcc project’s security team via their team website or via email at info@xmcc.org>. Cisco has assigned a severity rating of Moderate for this vulnerability, which has been determined through analysis of the impact and likelihood of exploit. A Cisco device running an affected version of software is susceptible to XSS attacks. An attacker could exploit this vulnerability by convincing a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates for different Cisco devices. If you are running an affected version of Cisco software and are concerned about the security of your network infrastructure, you can upgrade to a patched version of the affected software.

What is the purpose of this document?

The purpose of this document is to provide users with information on a vulnerability in Cisco's software.

Cisco devices are vulnerable to XSS attacks

An attacker could exploit this vulnerability by convincing a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates for different Cisco devices. If you are running an affected version of Cisco software and are concerned about the security of your network infrastructure, you can upgrade to a patched version of the affected software.

How to Find Software Version Information

To determine the software version for a Cisco device, open a browser and navigate to https://hostname:3569/login.html. The software version will be displayed on the left side of the screen.

How to Find Cisco Software Version Information

Cisco has released software updates for different Cisco devices.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe