Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.1 Security Advisory

TL;DR 📌

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise. This could allow an unauthenticated attacker to execute arbitrary script code. No workarounds are available, and software updates are forthcoming.

What happened 🕵️‍♂️

Cisco has disclosed a vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise. This vulnerability arises from insufficient user input validation, enabling an attacker to potentially execute arbitrary script code within the context of the affected interface. The attacker would need to persuade a user to click on a crafted link to exploit this vulnerability.

Affected products 🖥️

At the time of publication, the vulnerability affects:

  • Cisco Unified Intelligent Contact Management Enterprise 15.0(1) and earlier.

For the most current information, refer to the details section in the bug ID(s) at the top of the advisory.

Fixed software 🔧

Upgrade to at least the first fixed release in your train (or later):

Product / Release Train First Fixed Release Notes
ISE / ISE-PIC 1.0 Initial public release.

Workarounds 🧯

There are no workarounds available to mitigate this vulnerability.

Risk in context 🎯

The vulnerability has a CVSS score of 6.1, categorized as MEDIUM severity. While this does not indicate an immediate critical threat, it is essential for users of the affected products to remain vigilant and apply updates as soon as they are available to prevent potential exploitation.

Fast facts ⚡

  • Vulnerability Type: Cross-Site Scripting (XSS)
  • CVSS Score: 6.1 (Medium)
  • Affected Product: Cisco Unified Intelligent Contact Management Enterprise 15.0(1) and earlier
  • Workarounds: None available
  • Status: Final advisory with planned software updates

For leadership 🧭

This advisory highlights a significant security vulnerability that could impact users of Cisco Unified Intelligent Contact Management Enterprise. It is crucial for leadership to prioritize the application of upcoming software updates and ensure that all users are aware of the potential risks associated with this vulnerability. Regularly reviewing security advisories will help maintain the integrity of your network systems.