SSL: Cisco Prime Infrastructure and EPNM ImportJobResults.jsp Cross Site Scripting
A reflected cross-site scripting vulnerability has been reported in Cisco Prime Infrastructure and Evolved Programmable Network Manager. Successful exploitation results in the execution of arbitrary script code in the target user's browser.
Extended Description
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
Affected Products
Cisco evolved_programmable_network_manager
References
CVE: CVE-2017-6699
Short Name
SSL:CISCO-INF-CVE-2017-6699-XSS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
CVE-2017-6699 Cisco Cross EPNM ImportJobResults.jsp Infrastructure Prime Scripting Site and
Release Date
08/01/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Cisco
CVSS Score
4.3