June 7, 2023

A zero-day flaw has been discovered in Cisco product, which could result in threat actors running malicious code remotely or stealing sensitive data from target endpoints.

The vulnerability was found in a product called Prime Collaboration Deployment (PCD), a tool used by IT teams to migrate and upgrade their servers. The flaw is now tracked as CVE-2023-20060, a medium severity with a CVSS score of 6.1. It’s described as a cross-site scripting vulnerability that can be abused to launch arbitrary code.

Advertisements

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link,

The vulnerability can be exploited, but it depends on the victim’s action. The attacker would need to persuade the victim to click a specially crafted, malicious link.

Cisco said a fix will be soon released and did not provide any timeline as to when it might get released. There are no workarounds.

Cisco PSIRT found no evidence of the flaw being used in the wild.

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: