46263

Uploaded by

navid kamrava

0% found this document useful (0 votes)

6 views1 page

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Flag for inappropriate content

0% found this document useful (0 votes)

6 views1 page

46263

Uploaded by

navid kamrava

Copyright:

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

# Exploit Title: Cisco Firepower Management Center Cross-Site Scripting (XSS)

Vulnerability
# Google Dork: N/A
# Date: 23-01-2019
################################
# Exploit Author: Bhushan B. Patil
################################
# Advisory URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-
20190123-frpwr-mc-xss
# Affected Version: 6.2.2.2 & 6.2.3
# Cisco Bug ID: CSCvk30983
# CVE: CVE-2019-1642

1. Technical Description:
A vulnerability in the web-based management interface of Cisco Firepower Management
Center (FMC) software could allow an unauthenticated, remote attacker to conduct a
cross-site scripting (XSS) attack against a user of the web-based management
interface of the affected software.
The vulnerability is due to insufficient validation of user-supplied input by the
web-based management interface of the affected software. An attacker could exploit
this vulnerability by persuading a user of the interface to click a crafted link. A
successful exploit could allow the attacker to execute arbitrary script code in the
context of the affected interface or access sensitive, browser-based information.

2. Proof Of Concept:
Login to Cisco Firepower Management Center (FMC) and browse to Systems ->
Configuration menu.
https://<ip address>/platinum/platformSettingEdit.cgi?type=TimeSetting

Append the following XSS payload >"><script>alert("XXS POC")</script>& in the URL

The URL will become and on submitting it you'll get an alert popup.
https://<ip address>/platinum/platformSettingEdit.cgi?type=>"><script>alert("XXS
POC")</script>&

3. Solution:
Upgrade to version 6.3.0
For more information about fixed software releases, consult the Cisco bug ID
CSCvk30983<https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk30983>

4. Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-
20190123-frpwr-mc-xss

SM EXcel 365 Rce 51328
Document1 page
SM EXcel 365 Rce 51328
scribdfoo1
No ratings yet
Ciso2 0
Document6 pages
Ciso2 0
PolisettyGuptha
No ratings yet
Microproject NIS Incomp
Document21 pages
Microproject NIS Incomp
Shivam Jawarkar
No ratings yet
Secure Coding Protecting Windows and C Web Applications
From Everand
Secure Coding Protecting Windows and C Web Applications
Américo Moreira
No ratings yet
1ks17cs077 Technical Report
Document18 pages
1ks17cs077 Technical Report
harsha kulkarni
No ratings yet
CSS Question Bank
Document19 pages
CSS Question Bank
Arun Choudhary
No ratings yet
Investigating of Cyber Attacks On Web Systems
Document40 pages
Investigating of Cyber Attacks On Web Systems
Hein Khant Pyi Soe
No ratings yet
Website Vulnerability Scanner Report (Light)
Document5 pages
Website Vulnerability Scanner Report (Light)
Ilija Dodevski
No ratings yet
Bug Search Tool: Cisco Anyconnect Secure Mobility Client Arbitrary Code Execution Vulnerability Cscvv30103
Document3 pages
Bug Search Tool: Cisco Anyconnect Secure Mobility Client Arbitrary Code Execution Vulnerability Cscvv30103
nag_nag19
No ratings yet
Welcome To International Journal of Engineering Research and Development (IJERD)
Document5 pages
Welcome To International Journal of Engineering Research and Development (IJERD)
IJERD
No ratings yet
Defensive Programming Developing A Web A
Document10 pages
Defensive Programming Developing A Web A
Mohd Zulkfali Junoh
No ratings yet
Sessionals 1 - Vapt Pratical Lab Assignment
Document12 pages
Sessionals 1 - Vapt Pratical Lab Assignment
CFIS 2k19
No ratings yet
Introduction to Web Hacking: Cross-site Scripting
From Everand
Introduction to Web Hacking: Cross-site Scripting
Gary Drocella
No ratings yet
National Critical Information Infrastructure Protection Centre
Document4 pages
National Critical Information Infrastructure Protection Centre
Ravi Sankar
No ratings yet
Cert Ua2
Document9 pages
Cert Ua2
Nikhil chowdary
No ratings yet
Fase 5
Document14 pages
Fase 5
john fredy rodriguez
No ratings yet
Cyber Defense Magazine - October 2023
Document182 pages
Cyber Defense Magazine - October 2023
Ervis Krymbi
No ratings yet
Owasp Standards PDF
Document4 pages
Owasp Standards PDF
KaisSlimeni
No ratings yet
CSRF and XSS Attacks and Defense Mechanisms
Document4 pages
CSRF and XSS Attacks and Defense Mechanisms
International Journal of Innovative Science and Research Technology
100% (1)
51729
Document1 page
51729
LOH ENG HIN
No ratings yet
Active Page Server
Document18 pages
Active Page Server
Zain Alabeeden Alareji
No ratings yet
Cross-Site Scripting Attacks Procedure and Prevention Strategies
Document3 pages
Cross-Site Scripting Attacks Procedure and Prevention Strategies
Bront Paul
No ratings yet
Cross Site Scripting Ethical Hacking Lab Exercise
Document10 pages
Cross Site Scripting Ethical Hacking Lab Exercise
Paul Crane
No ratings yet
Critical Vulnerabilities Discovered in GPS Traking
Document24 pages
Critical Vulnerabilities Discovered in GPS Traking
palepogu srinu
No ratings yet
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem
From Everand
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem
Chris Hughes
No ratings yet
The Best Cyber Security Interview Questions (UPDATED) 2019
Document15 pages
The Best Cyber Security Interview Questions (UPDATED) 2019
C G
No ratings yet
Cyber Defense Magazine - February 2023 PDF
Document186 pages
Cyber Defense Magazine - February 2023 PDF
Paul Mitnick
No ratings yet
Priyal Keharia Is Exp 5
Document19 pages
Priyal Keharia Is Exp 5
Priyal Keharia
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
Document7 pages
A Study On Removal Techniques of Cross-Site From Web Application
Adalberto Francis
No ratings yet
Man in The Middle Attack
Document53 pages
Man in The Middle Attack
Dark Monster
100% (1)
Three Reasons A Secure Web Gateway Is Vital
Document11 pages
Three Reasons A Secure Web Gateway Is Vital
lakbabi1035
No ratings yet
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
From Everand
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
Richie Miller
No ratings yet
FachriKery Ramadhan-CyberOps Associa-Letter
Document1 page
FachriKery Ramadhan-CyberOps Associa-Letter
fachrikery
No ratings yet
Security in System Development
Document33 pages
Security in System Development
Yusifsuleiman
No ratings yet
Cisco Ccnp...
Document71 pages
Cisco Ccnp...
AbdulRab khan
No ratings yet
Vidhan Poddar
Document46 pages
Vidhan Poddar
vidhan Poddar
No ratings yet
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
From Everand
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
Slava Gomzin
No ratings yet
The Ultimate ???? Training and Certification Document
Document17 pages
The Ultimate ???? Training and Certification Document
Naveen
No ratings yet
War Dialing
Document5 pages
War Dialing
Muhammad Hasnain
No ratings yet
Complete Take-Over of Cisco Unified Communications Manager Due Consecutively Misconfigurations - by Hackthebox - InfoSec Write-Ups
Document19 pages
Complete Take-Over of Cisco Unified Communications Manager Due Consecutively Misconfigurations - by Hackthebox - InfoSec Write-Ups
jupiter
No ratings yet
Keyloggers A Malicious Attack
Document5 pages
Keyloggers A Malicious Attack
Editor IJTSRD
No ratings yet
Synopsi
Document59 pages
Synopsi
Ayush Tiwari
No ratings yet
Multiple Vulnerabilities
Document4 pages
Multiple Vulnerabilities
JDaemon7
No ratings yet
Web Vulnerability Report
Document7 pages
Web Vulnerability Report
hitca
No ratings yet
BRKSEC-1021 - Introduction To NIST Cybersecurity Framework
Document74 pages
BRKSEC-1021 - Introduction To NIST Cybersecurity Framework
morpheusnaak
No ratings yet
Attack To Cisco IOS
Document9 pages
Attack To Cisco IOS
Scout St
No ratings yet
Top Five Dangerous Security Risks Over Web Application
Document3 pages
Top Five Dangerous Security Risks Over Web Application
International Journal of Application or Innovation in Engineering & Management
No ratings yet
Detection of DOM-Based XSS Attack On Web Application
Document9 pages
Detection of DOM-Based XSS Attack On Web Application
Sana
No ratings yet
CISCO Introduction To IoT Chapter 5 Quiz Answers
Document5 pages
CISCO Introduction To IoT Chapter 5 Quiz Answers
craf
No ratings yet
Report For Review1 A) Title, Abstract and Keywords
Document9 pages
Report For Review1 A) Title, Abstract and Keywords
Prasoon
No ratings yet
CGR Microproject
Document21 pages
CGR Microproject
manavpawar212006
No ratings yet
Cross-Site-Scripting (XSS) Ravi 22 09
Document69 pages
Cross-Site-Scripting (XSS) Ravi 22 09
Bipin Bharti
No ratings yet
An Artificial Neural Network A
Document30 pages
An Artificial Neural Network A
gibog52499
No ratings yet
Cross Site Scripting
Document40 pages
Cross Site Scripting
Hamza
No ratings yet
XSS Vulnerability Assessment and Prevention in Web Application
Document4 pages
XSS Vulnerability Assessment and Prevention in Web Application
Sana
No ratings yet
CEH PRE Questions
Document8 pages
CEH PRE Questions
nil
100% (1)
Code Injection Vulnerabilities in Web Applications
Document253 pages
Code Injection Vulnerabilities in Web Applications
Digui
No ratings yet
Analisis Active Directory
Document1,137 pages
Analisis Active Directory
Nelson Torres
No ratings yet
Using Artificial Intelligence Techniques To Improve Servers' Threats' Detection.
Document12 pages
Using Artificial Intelligence Techniques To Improve Servers' Threats' Detection.
Yazeed Alsaeed
No ratings yet
A Study of Cloud Computing and Its Security
Document25 pages
A Study of Cloud Computing and Its Security
Pradeep Ep
No ratings yet
86d7fd13-a6d8-461f-9c4c-a5c1ab5ec0ff
Document2 pages
86d7fd13-a6d8-461f-9c4c-a5c1ab5ec0ff
navid kamrava
100% (1)
Open First
Document14 pages
Open First
navid kamrava
No ratings yet
45437
Document1 page
45437
navid kamrava
No ratings yet
42130
Document5 pages
42130
navid kamrava
No ratings yet
46187
Document1 page
46187
navid kamrava
No ratings yet
Virtualization and Cloud Computing: Vera Asodi Vmware
Document39 pages
Virtualization and Cloud Computing: Vera Asodi Vmware
navid kamrava
No ratings yet
LPG H56854
Document28 pages
LPG H56854
navid kamrava
No ratings yet
LBP6030 License SC 00
Document10 pages
LBP6030 License SC 00
navid kamrava
No ratings yet
DigitalCash Report
Document4 pages
DigitalCash Report
navid kamrava
No ratings yet
Tradedocprep: Swift Integration
Document26 pages
Tradedocprep: Swift Integration
navid kamrava
No ratings yet
Business Proposal: Company Name
Document9 pages
Business Proposal: Company Name
navid kamrava
No ratings yet
SWIFTgpi Newsflash July Application Providers v02
Document12 pages
SWIFTgpi Newsflash July Application Providers v02
navid kamrava
No ratings yet
T:Xo GMBH: Partnership Agreement On Investment and Financial Cooperation
Document16 pages
T:Xo GMBH: Partnership Agreement On Investment and Financial Cooperation
navid kamrava
67% (3)
Department: Capital Market Segment: Sub: Client Margin Reporting
Document1 page
Department: Capital Market Segment: Sub: Client Margin Reporting
navid kamrava
No ratings yet
SWIFT ETD Library Monk SRE - En.fa
Document32 pages
SWIFT ETD Library Monk SRE - En.fa
navid kamrava
No ratings yet
Pre-Advice Swift Mt-799 Sblc/B.G. Verbiage
Document2 pages
Pre-Advice Swift Mt-799 Sblc/B.G. Verbiage
navid kamrava
No ratings yet