JQuery < 3.5.0 Multiple XSS (6296UP, 6324)

kevink324
Level 1

I am currently running 6296UP, 6324 Minis, and 6454 Fabric Interconnects all with the latest firmware bundles for their respective models (4.1(1d)).

Our security team has informed us that the 6296UPs and the 6324 Minis are showing as vulnerable for the issue identified in CVE-2020-11022, CVE-2020-11023.

The 6454s which are running the same firmware level (but different/newer kernel?) don't appear to be affected.

Is anyone else experiencing this? Or, is anyone aware of a Cisco bug report that is tracking this issue?


Steven Tardy
Cisco Employee

CSCvu53094

Hi,

We are having the same issue in 6248UP. Does anybody know if this issue has been resolved or not?

If yes, then can you please let me know the release version.

Thank you.

CSCvu82662 was explicitly for UCS 6200 but was duplicated to the original bug I posted CSCvu53094.

Hi Steven,

Thank you for your prompt reply.

It seems that there is still no hotfix release by Cisco pertaining to this issue. Do you have any information on when it will be provided? Since this issue has been raised by an auditor, we need your assistance to get some information.

Thank you

vijay Kothavade

vijaykothavade@gmail.com


Steven, thanks for the reply. I've opened up a support case referencing these two bug reports to track the resolution of this issue. Hopefully it is a quick fix.

4.1(2a) firmware resolved this issue.
