Cisco FireSIGHT System Software cross-site scripting (CVE-2016-1293)
Cisco FireSIGHT System Software cross-site scripting (CVE-2016-1293)
Release date:
Updated on:
Affected Systems:
Cisco FireSIGHT Management Center 6.0.1
Description:
CVE (CAN) ID: CVE-2016-1293
The Cisco FireSIGHT Management Center can centrally manage the network security and operation functions of Cisco ASA with FirePOWER Services and Cisco FirePOWER devices.
The Management Center of Cisco FireSIGHT System Software 6.0.1 has a cross-site scripting vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160115-FireSIGHT) and patches for this:
Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
This article permanently updates the link address: