0 Results Found
              Back To Results
                Advisories

                Cisco IronPort Encryption Appliance Administrative Interface DOM-based Cross-site Scripting Vulnerability

                Dell SecureWorks Security Advisory SWRX-2012-001

                Advisory Information

                • Title: Cisco IronPort Encryption Appliance administrative interface DOM-based cross-site scripting vulnerability
                • Advisory ID: SWRX-2012-001
                • Date published: Monday, February 13, 2012
                • CVE: CVE-2012-0340
                • CVSS v2 base score: 4.3
                • Date of last update: Monday, February 13, 2012
                • Vendors contacted: Cisco Systems, Inc.
                • Release mode: Coordinated
                • Discovered by: Craig Lambert, Dell SecureWorks

                Summary

                A vulnerability exists in Cisco IronPort Encryption Appliance due to improper input validation of user-controlled input to the web-based administrative interface. User-controlled input supplied to the login page via the URL parameters/values is not properly sanitized for illegal or malicious content prior to being returned to the user in dynamically generated web content. A remote, unauthenticated attacker could exploit this vulnerability to perform DOM-based cross-site scripting (XSS) attacks, potentially resulting in the compromise of administrator sessions on the Cisco IronPort Encryption Appliance device.

                Download the PDF

                PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

                SecureWorks CTU Public Key 

                Related Content