Rewterz Threat Advisory – CVE-2021-22908 – Pulse Connect Secure Buffer Overflow Vulnerability
May 17, 2021Rewterz Threat Alert – MSBuild to Deliver RATs Filelessly – Active IOCs
May 18, 2021Rewterz Threat Advisory – CVE-2021-22908 – Pulse Connect Secure Buffer Overflow Vulnerability
May 17, 2021Rewterz Threat Alert – MSBuild to Deliver RATs Filelessly – Active IOCs
May 18, 2021Severity
Medium
Analysis Summary
CVE-2021-1463
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impact
Unauthorized Access
Affected Vendors
Cisco
Affected Products
Cisco Unified Intelligence Center and Cisco Unified Contact Center Express.
Remediation
Refer to Cisco advisory for the complete list of affected product and their respective patches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6