Cisco Zero-Day Vulnerability in Prime Collaboration Deployment Software Discovered, Could Lead to Cross-Site Scripting Attacks

Cisco has disclosed a zero-day vulnerability in its Prime Collaboration Deployment (PCD) software that could be used for cross-site scripting attacks. The flaw was discovered in the web-based management interface of Cisco PCD 14 and earlier by a researcher at the NATO Cyber Security Centre.

The bug could allow unauthenticated attackers to launch remote cross-site scripting attacks, but user interaction is required. Cisco has warned that the vulnerability exists because the web-based management interface does not properly validate user-supplied input. The company is expected to release security updates to address the flaw next month, and no workarounds are currently available.

Cisco yet to patch zero-day IP Phone flaw disclosed in December 2023

In addition to this latest vulnerability, Cisco also has to patch another high-severity IP Phone zero-day vulnerability that was disclosed in December 2023. The bug (CVE-2022-20968) affects Cisco IP phones running 7800 and 8800 Series firmware version 14.2 and earlier.

Cisco’s PSIRT had warned in December that the vulnerability had been publicly discussed, and that proof-of-concept exploit code was available. While the company had promised to release security updates in January 2023, the bug remains unpatched months after the initial disclosure.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: info@blackhatethicalhacking.com

Source: bleepingcomputer.com

Source Link