Rewterz Threat Advisory – CVE-2023-20058 – Cisco Unified Intelligence Center Vulnerability

January 12, 2023

Severity

Medium

Analysis Summary

CVE-2023-20058

Cisco Unified Intelligence Center is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2023-20058

Affected Vendors

Cisco

Affected Products

Cisco Unified Intelligence Center (CUIC)

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

Cisco Security Advisory

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

DarkCrystal RAT aka DCRat – Active IOCs

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us