CVE-2022-20969: Cisco Umbrella – Cloud Stored Cross-Site Scripting Vulnerability
Description
On June 02, the security team of Green Tick Nepal Pvt. Ltd., one of the leading cyber security service providers located in Kathmandu, Nepal, discovered unsanitized input in multiple management dashboard pages of Cisco Umbrella – Cloud that leads to stored cross-site scripting.
Proof of Concept
The security team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for Cisco Systems, Inc. The vulnerability was found in Cisco Umbrella – Cloud. The vulnerability in the web applications of Cisco Umbrella could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. Eventually, the victim’s browser could be taken over.
Solution
- Implement proper input sanitization.
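What this recommendation means for a stored value that is later rendered in a dashboard page, as an added example (not code from Cisco or from the original advisory). The record shape, the `label` field and all function names are hypothetical, and the sample records are constructed.

```javascript
// Added example: hypothetical dashboard row renderer, not Cisco Umbrella code.
// A stored, user-controlled label is rendered into an HTML table row.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check at save time: character allowlist plus a length bound.
// Defence in depth only; the output encoding below is what stops script execution.
function validateLabel(value) {
  return typeof value === 'string' && /^[\p{L}\p{N} ._-]{1,64}$/u.test(value);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged.
function renderRowUnsafe(record) {
  return `<tr><td title="${record.label}">${record.label}</td></tr>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderRowSafe(record) {
  const label = escapeHtml(record.label);
  return `<tr><td title="${label}">${label}</td></tr>`;
}

// Constructed sample records, as they might already sit in the database.
const stored = [
  { label: 'Branch office policy' },
  { label: '<script>alert(1)</script>' },
  { label: '" onmouseover="alert(1)' },
];

for (const record of stored) {
  // Show whether the value would pass validation and how it renders safely.
  console.log(validateLabel(record.label), renderRowSafe(record));
}
```

Encoding at output also covers records that were stored before validation was introduced, which is why both controls are shown.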
CVE-ID | Description | Products |
CVE-2022-20969 | Cisco Umbrella Stored Cross-Site Scripting | Cisco Umbrella – Cloud |
History
2022-06-02: Vulnerability found.
2022-11-02: CVE Published.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-20969
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3