Rewterz Threat Alert – New Java STRRAT Shipping with Crimson Module
June 18, 2020Rewterz Threat Advisory – Multiple Security Vulnerabilities in Drupal
June 18, 2020Rewterz Threat Alert – New Java STRRAT Shipping with Crimson Module
June 18, 2020Rewterz Threat Advisory – Multiple Security Vulnerabilities in Drupal
June 18, 2020Severity
Medium
Analysis Summary
The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.
Impact
Cross-Site Scripting
Affected Vendors
Cisco
Affected Products
Cisco DCNM software releases 11.3(1) and earlier
Remediation
Refer to vendor’s advisory for the complete list of affected products and upgraded patches.