Severity
Medium
Analysis Summary
CVE-2021-1599
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the affected interface or access sensitive, browser-based information. If the targeted user has administrative privileges, the attacker may also be able to cause the affected device to reboot.
Impact
- Cross-site scripting
- Code Execution
Affected Vendors
Cisco
Affected Products
- Cisco Unified CVP Release 12.5
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq