December 8, 2023

A zero-day flaw has been discovered in Cisco product, which could result in threat actors running malicious code remotely or stealing sensitive data from target endpoints.

The vulnerability was found in a product called Prime Collaboration Deployment (PCD), a tool used by IT teams to migrate and upgrade their servers. The flaw is now tracked as CVE-2023-20060, a medium severity with a CVSS score of 6.1. It’s described as a cross-site scripting vulnerability that can be abused to launch arbitrary code.

Advertisements

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link,

The vulnerability can be exploited, but it depends on the victim’s action. The attacker would need to persuade the victim to click a specially crafted, malicious link.

Cisco said a fix will be soon released and did not provide any timeline as to when it might get released. There are no workarounds.

Cisco PSIRT found no evidence of the flaw being used in the wild.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Meta enables Messenger with E2EE by Default

December 8, 2023

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023
%d