Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 22, 2021Rewterz Threat Advisory – CVE-2021-31198 – Microsoft Exchange Server Remote Code Execution Vulnerability
July 22, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 22, 2021Rewterz Threat Advisory – CVE-2021-31198 – Microsoft Exchange Server Remote Code Execution Vulnerability
July 22, 2021Severity
High
Analysis Summary
CVE-2021-1395
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Impact
- Cross-site scripting
- Code execution
Affected Vendors
Cisco
Affected Products
- Cisco Unified Intelligence Center and Cisco Unified Contact Center Express.
- Cisco Unified Contact Center Enterprise
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL