0 Results Found
            Back To Results
              Advisory

              Cisco IronPort Encryption Appliance Administrative Interface DOM-based Cross-site Scripting Vulnerability

              Dell SecureWorks Security Advisory SWRX-2012-001

              Advisory Information

              • Title: Cisco IronPort Encryption Appliance administrative interface DOM-based cross-site scripting vulnerability
              • Advisory ID: SWRX-2012-001
              • Date published: Monday, February 13, 2012
              • CVE: CVE-2012-0340
              • CVSS v2 base score: 4.3
              • Date of last update: Monday, February 13, 2012
              • Vendors contacted: Cisco Systems, Inc.
              • Release mode: Coordinated
              • Discovered by: Craig Lambert, Dell SecureWorks

              Summary

              A vulnerability exists in Cisco IronPort Encryption Appliance due to improper input validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the URL parameters/values is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote, unauthenticated attacker could exploit this vulnerability to perform DOM-based cross-site scripting (XSS) attacks, potentially resulting in the compromise of administrator sessions on the Cisco IronPort Encryption Appliance device.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

              SecureWorks CTU Public Key 

              Related Content