ESB-2017.2935 - [Cisco] Cisco IOS and IOS XE: Cross-site scripting - Remote with user interaction 2017-11-16


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2935
Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
                             16 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco IOS and IOS XE
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-12304  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability

Medium

Advisory ID:
cisco-sa-20171115-ios

First Published:
2017 November 15 16:00  GMT
 
Version 1.0:
Final

Workarounds:
No workarounds available

Cisco Bug IDs:
CSCvf60862
CVE-2017-12304
CWE-79

CVSS Score:
Base 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
CVE-2017-12304
CWE-79
 
Summary
 
A vulnerability in the IOS daemon (IOSd) web-based management
interface of Cisco IOS and IOS XE Software could allow an
unauthenticated, remote attacker to conduct a cross-site scripting
(XSS) attack against a user of the web-based management interface on
an affected device.

The vulnerability is due to insufficient validation of user-supplied
input by the web-based management interface. An attacker could exploit
this vulnerability by persuading a user of the interface to click a
crafted link. A successful exploit could allow the attacker to execute
arbitrary script code in the web-based management interface or allow
the attacker to access sensitive browser-based information.
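The defect class the summary describes (CWE-79) is a page that copies a request parameter into its HTML response without validation or output encoding, so that a link carrying markup in that parameter makes the victim's browser run it in the management interface's origin. The snippet below is an added illustration and is not code from Cisco IOS, IOSd, or AusCERT: a constructed stand-in page with a hypothetical "name" parameter is rendered once unencoded and once with contextual HTML encoding plus defence-in-depth response headers, and a small check reports whether raw markup is reflected. The query string, parameter and function names are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed request input for the demonstration: a query string carrying the
# canonical XSS probe string, percent-encoded as it would arrive in a URL.
SAMPLE_QUERY = "name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def _device_name(query_string):
    # Hypothetical page parameter; parse_qs percent-decodes the value.
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("name", [""])[0]


def render_vulnerable(query_string):
    """Reflects the parameter into HTML unencoded (the CWE-79 defect class)."""
    name = _device_name(query_string)
    body = "<html><body><h1>Device: %s</h1></body></html>" % name
    headers = {"Content-Type": "text/html; charset=utf-8"}
    return headers, body


def render_hardened(query_string):
    """Same page with output encoding and defence-in-depth headers."""
    name = _device_name(query_string)
    # Encode for the HTML element context; quote=True also covers values
    # placed inside double- or single-quoted attributes.
    safe_name = html.escape(name, quote=True)
    body = "<html><body><h1>Device: %s</h1></body></html>" % safe_name
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Refuses inline script even if an encoding gap is missed elsewhere.
        "Content-Security-Policy": "default-src 'self'",
        # Stops browsers from reinterpreting the response as another type.
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


def reflects_raw_markup(query_string, renderer):
    """True if the renderer echoes the parameter, '<' included, unencoded."""
    name = _device_name(query_string)
    _, body = renderer(query_string)
    return "<" in name and name in body


if __name__ == "__main__":
    for renderer in (render_vulnerable, render_hardened):
        print(renderer.__name__, "reflects raw markup:",
              reflects_raw_markup(SAMPLE_QUERY, renderer))
        print(renderer(SAMPLE_QUERY)[1])
```

html.escape is correct for text placed in an HTML element or a quoted attribute; a value inserted into a JavaScript string, a URL, or a CSS property needs the encoder for that context instead, which is why the hardened version also ships a Content-Security-Policy as a second layer rather than relying on encoding alone. For an appliance whose code you cannot change, as here, the fix is the vendor's software release named in the bug ID.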

Additional information about XSS attacks and potential mitigations can
be found at:
https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios

Affected Products

Vulnerable Products
 
This vulnerability affects Cisco IOS and IOS XE Software configured
for the IOS daemon (IOSd). For information about affected software
releases, consult the Cisco bug ID(s) at the top of this advisory.

Products Confirmed Not Vulnerable
 
No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software
 
For information about fixed software releases, consult the Cisco bug
ID(s) at the top of this advisory.

When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from
the Cisco Security Advisories and Alerts page, to determine exposure
and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their
contracted maintenance providers.

Exploitation and Public Announcements
  
The Cisco Product Security Incident Response Team (PSIRT) is not aware
of any public announcements or malicious use of the vulnerability that
is described in this advisory.

Source

This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy
 
To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document
also contains instructions for obtaining fixed software and receiving
security vulnerability information from Cisco.

URL
 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-November-15

Legal Disclaimer
 
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that
omits the distribution URL is an uncontrolled copy and may lack
important information or contain factual errors. The information in
this document is intended for end users of Cisco products.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
