SSL: Cisco Prime Infrastructure and EPNM SystemPreferences_Configurable Cross Site Scripting
This signature detects reflected cross-site scripting attempts that exploit the Cisco Prime Infrastructure and Evolved Programmable Network Manager. Successful exploitation results in the execution of arbitrary script code in the target user's browser.
Extended Description
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
Affected Products
Cisco evolved_programmable_network_manager
Short Name
SSL:CISCO-TASKNAME-CONFURL-XSS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
CVE-2017-6699 Cisco Cross EPNM Infrastructure Prime Scripting Site SystemPreferences_Configurable and bid:99221
Release Date
07/20/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Cisco
CVSS Score
4.3