Cisco Catalyst SD-WAN Manager
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Catalyst SD-WAN Manager. It allows an authenticated, remote attacker to conduct an XSS attack against users of the interface on affected devices. The vulnerability arises from inadequate validation of user input; an attacker could exploit it by persuading a user of the interface to click a crafted link. Exploitation could result in the execution of arbitrary script code within the context of the affected interface or access to sensitive browser-based information.
Exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the user's session or to access sensitive information stored in the user's browser.
Cisco has released software updates to address this vulnerability. Users should upgrade to the fixed releases mentioned in the advisory. For guidance on obtaining the updated software, refer to the Cisco Support and Downloads page or contact the Cisco Technical Assistance Center (TAC).