Vulnerable Products:
At the time of publication, this vulnerability affected Cisco IOS XE Software if HTTP or HTTPS is enabled and the Web Authentication feature is enabled.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

Determine the HTTP Server Configuration

To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present, the HTTP Server feature is enabled for the device.
The following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:
Switch# show running-config | include ip http server|secure|active
ip http server
ip http secure-server
Note: The presence of either command or both commands in the device configuration indicates that the web-based management interface feature is enabled.
If the ip http server command is present and the configuration also contains ip http active-session-modules none, the vulnerability is not exploitable over HTTP.
If the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, the vulnerability is not exploitable over HTTPS.

Determine the Web Authentication Configuration for Switches

To determine whether the Web Authentication feature is enabled for a device in legacy mode, log in to the device and use the show running-config | include proxy http command in the CLI to check for the presence of the proxy http command. If the command is present, the Web Authentication feature is enabled for the device, as shown in the following example:
Switch# show running-config | include proxy http
ip...
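The checks above can be run offline against saved running-config files when auditing many devices. The following is an added example, not part of the advisory or any Cisco tooling: the function name, result keys and both sample configurations are constructed for illustration, and it covers only the checks shown on this page (HTTP/HTTPS server state, the two session-module overrides, and the legacy-mode proxy http match).

```python
def audit_running_config(config_text):
    """Apply the advisory's CLI checks to the text of a saved running-config."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    cmds = set(lines)

    # Whole-line comparison, so "no ip http server" does not count as enabled.
    http_on = "ip http server" in cmds
    https_on = "ip http secure-server" in cmds

    # Per the advisory, "... session-modules none" makes that transport non-exploitable.
    http_exposed = http_on and "ip http active-session-modules none" not in cmds
    https_exposed = https_on and "ip http secure-active-session-modules none" not in cmds

    # Same substring match as "| include proxy http"; negated lines are ignored.
    web_auth = any("proxy http" in ln and not ln.startswith("no ") for ln in lines)

    return {
        "http_server": http_on,
        "https_server": https_on,
        "exposed_over_http": http_exposed,
        "exposed_over_https": https_exposed,
        "web_auth_legacy": web_auth,
        "matches_vulnerable_config": web_auth and (http_exposed or https_exposed),
    }


# Constructed sample: both servers enabled, Web Authentication present.
SAMPLE_EXPOSED = """\
hostname Switch
ip http server
ip http secure-server
ip admission name EXAMPLE proxy http
"""

# Constructed sample: HTTP neutralized by the override, HTTPS disabled.
SAMPLE_MITIGATED = """\
hostname Switch
ip http server
ip http active-session-modules none
no ip http secure-server
ip admission name EXAMPLE proxy http
"""

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("mitigated", SAMPLE_MITIGATED)):
        print(name, audit_running_config(cfg))
```

A True value for matches_vulnerable_config means the configuration meets the conditions described here; whether the device is actually vulnerable still depends on the software release, as covered in the Fixed Software section.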
CVSS 3.1 Base Score: 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N