Console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user sends crafted text to a serial port that has logging enabled, the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.
In firmware 4.5.0 and later releases, the serial port log data is filtered and sanitized prior to display.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14456
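The filter-and-sanitize step described above, as an added example that is not the vendor's firmware code: serial log bytes placed in a page as-is, beside a version that strips terminal control data and HTML-encodes the text before display. The function names, the set of stripped control bytes and the sample log are assumptions constructed for this illustration.

```python
import html
import re

# ANSI/VT100 CSI escape sequences, common in serial console output.
_ANSI_CSI = re.compile(rb"\x1b\[[0-?]*[ -/]*[@-~]")
# Remaining control bytes; tab, LF and CR are kept for readability.
_CTRL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def render_log_unsafe(raw: bytes) -> str:
    """'Before' form: logged bytes are replayed into the page unchanged."""
    return "<pre>" + raw.decode("utf-8", errors="replace") + "</pre>"


def render_log_safe(raw: bytes) -> str:
    """Filter terminal control data, then HTML-encode before display."""
    filtered = _ANSI_CSI.sub(b"", raw)
    filtered = _CTRL.sub(b"", filtered)
    # Invalid UTF-8 from line noise becomes U+FFFD instead of raising.
    text = filtered.decode("utf-8", errors="replace")
    # Encode &, <, > and both quote characters so markup is shown, not parsed.
    return "<pre>" + html.escape(text, quote=True) + "</pre>"


# Constructed sample: what a logged serial session could contain.
SAMPLE_LOG = (
    b"login: admin\r\n"
    b"\x1b[31mERROR\x1b[0m <script>alert(1)</script>\r\n"
)

if __name__ == "__main__":
    print(render_log_unsafe(SAMPLE_LOG))
    print(render_log_safe(SAMPLE_LOG))
```

Encoding at display time keeps the stored log intact for forensic review while ensuring the browser treats it as text.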