Rewterz Threat Advisory – CVE-2019-16009 – Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
April 30, 2020Rewterz Threat Advisory – CVE-2020-1631 – Juniper Junos OS vulnerability in J-Web and web based (HTTP/HTTPS) services
April 30, 2020Rewterz Threat Advisory – CVE-2019-16009 – Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
April 30, 2020Rewterz Threat Advisory – CVE-2020-1631 – Juniper Junos OS vulnerability in J-Web and web based (HTTP/HTTPS) services
April 30, 2020Severity
High
Analysis Summary
A Stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi exists. The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. A malicious actor with access to modify the system properties of a virtual machine from inside the guest os (such as changing the hostname of the virtual machine) may be able to inject malicious script which will be executed by a victim’s browser when viewing this virtual machine via the ESXi Host Client. |
Impact
Cross-Site Scripting |
Affected Vendors
VMware
Affected Products
VMware ESXi |
Remediation
Refer to VMware security advisory for the list of upgraded patches.
https://www.vmware.com/security/advisories/VMSA-2020-0008.html