Rewterz Threat Alert – PowerTrick Malware
January 14, 2020Rewterz Threat Alert – LNK files Targeting Maldives Government
January 14, 2020Rewterz Threat Alert – PowerTrick Malware
January 14, 2020Rewterz Threat Alert – LNK files Targeting Maldives Government
January 14, 2020Severity
Medium
Analysis Summary
CVE-2019-12713
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impact
Exposure of sensitive information
Affected Vendors
Cisco
Affected Products
Cisco Prime Infrastructure Software releases 3.7 and earlier
Remediation
Please see vendor’s advisory for the list of available patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-pi-xss-12713