Detections
Analytics
Cisco NX-OS Software NX-API Sandbox Cross-Site Scripting Vulnerability
medium Nessus Plugin ID 125679
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco NX-OS Software is affected by following a vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device.The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface.Please see the included Cisco BIDs and Cisco Security Advisory for more information
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvj14814See Also
http://www.nessus.org/u?1596bcb6
Plugin Details
Severity: Medium
ID: 125679
File Name: cisco-sa-20190515-nxos-nxapi-xss.nasl
Version: 1.6
Type: combined
Family: CISCO
Published: 6/3/2019
Updated: 12/20/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.6
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2019-1733
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os
Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device
Exploit Ease: No known exploits are available
Patch Publication Date: 5/15/2019
Vulnerability Publication Date: 5/15/2019
Reference Information
CVE: CVE-2019-1733