
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Cisco Discloses XSS Zero-Day Flaw in Server Management Tool

Cyber Security Threat Summary:
“Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. This server management utility enables admins to perform migration or upgrade tasks on servers in their organization's inventory. Tracked as CVE-2023-20060, the bug was found in the web-based management interface of Cisco PCD 14 and earlier by Pierre Vivegnis of the NATO Cyber Security Centre (NCSC). Successful exploitation enables unauthenticated attackers to launch cross-site scripting attacks remotely but requires user interaction” (Bleeping Computer, 2023).

Security Officer Comments:
The vulnerability is due to improper validation of user input in Cisco’s web-based management interface. As such, a successful exploit could enable a threat actor to execute arbitrary code in the context of the affected interface or access sensitive, browser-based information by tricking the user into clicking on a specially crafted link.

As of writing, Cisco says it is not aware of attacks in the wild exploiting CVE-2023-20060.

Suggested Corrections:
There is currently no patch or workaround for CVE-2023-20060. Cisco expects to release a patch sometime next month. In general, to defend against XSS attacks, users should regularly update their software (when patches become available) and avoid clicking on malicious links or downloading unknown files/attachments.

Link:
https://www.bleepingcomputer.com/