Intrusion Prevention

Cisco.EPC3925.Goform.Quick.Setup.XSS

Description

This indicates an attack attempt against a Cross-Site Scripting vulnerability in Cisco EPC3925.
The vulnerability is due to an design flaw when the vulnerable software attempts to handle an HTTP request to Quick_setup interface. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and be granted the admin privileges on the vulnerable application.

Affected Products

Cisco EPC3925 epc3925-E10-5-v302r125572-130520c

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2013-6976