HomePentest-Tools.com Logo

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability CVE-2016-1401

Severity
CVSSv3 Score
6.1
Vulnerability description

A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

Risk description

The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.

Recommendation

Update to 1.4(1b) or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 21, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available