Cisco says server management tool has a major security flaw. The company has however announced that a patch is still in the works.
Cisco Server Management Tool Security Flaw
Cisco has just reported finding a zero-day flaw in one of its many products, which as you should know could result in threat actors remotely running malicious codes, or even stealing sensitive data from targeted endpoints.
The vulnerability in question was located in a product known as Prime Collaboration Deployment (PCD), which is a tool that is used by IT teams in migrating or upgrading their services. The flaw in question is at the moment tracked as CVE-2023-20060, and it is deemed of “medium” severity with a 6.1 score. The flaw is described as a cross-site scripting vulnerability that can be used in launching an arbitrary code. The patch is however still in development, and in regard to the issue, there are no workarounds.
What Is a Cross-Site Scripting (XXS) Attack
A typical cross-site scripting (XXS) attack for those who don’t know is a form of an injection, where the threat actors in question get to inject a malicious script into an otherwise legitimate, clean website at can be trusted by users.
“This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link,” Cisco stated.
“A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.”
How the Vulnerability Works
The vulnerability in other words can be exploited, but it however depends on the action of the victim. The attacker here would need to convince the victim to click on a malicious link that has been specially crafted.
The company has said that a fix is currently in the works, but however, did not give any details in regard to the timeline as to when it might be released. And with that being said, you should know that there are no workarounds.
The Flaw Has Not Be Used In the Wild According To Research
And while that might sound really problematic, the Cisco Product Security Incident Response Team (PSIRT) has found no evidence of the flaw being utilized in the open. The said flaw was discovered by Pierre Vivegnis of the NATO Cyber Security Center (NCSC), Cisco in its advisory stated.
MORE RELATED POSTS
- Cisco Youth Leadership Award 2023: Global Citizens Prize
- Cisco Global Problem Solver Challenge 2022 For Early-Stage Entrepreneurs Around the World
- Google Chrome Update Removes Bug That Attacks Users
- Best Books for Computer Networking – What does Computer Networking Do?
- Why are Top Businesses using PHP for Website Development