Fortinet Discovers Cisco Web Security Appliance Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in Cisco Web Security Appliance.
Cisco Web Security Appliance (WSA) is an all-on-a-single platform. It can provide malware protection, application visibility and control, acceptable use policy controls, insightful reporting and secure mobility.
A XSS vulnerability has been discovered in Cisco WSA. It is caused by insufficient input validation of user-supplied value. An attacker could exploit this vulnerability by inputting malicious script code in vulnerable fields as a least-privileged user. The administrator user could be attacked by accessing the webpage storing the malicious script code. Successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 15, 2017
Users should apply the solution provided by Cisco.
Fortinet reported the vulnerability to Cisco on July 8, 2016.
Cisco patched the vulnerability on August 10, 2017.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.