Key Information

Vulnerability Overview
Vulnerability Name: Cisco IOS XE Software Web UI Reflected Cross-Site Scripting Vulnerability
CVE ID: CVE-2015-6384
CVSS Score: 5.0 (Medium)
Release Date: September 23, 2015

Affected Products
Affected Products: Cisco IOS XE Software versions 3.1S, 3.2S, and 3.4S series
Unaffected Products: Cisco IOS Software, Cisco IOS XR Software, and NX-OS Software

Vulnerability Description
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Cause: The web UI does not properly validate user-supplied input; an attacker can exploit this by sending a specially crafted HTTP request to the affected device.
Impact: Successful exploitation allows the attacker to inject and execute arbitrary HTML code within the web interface of the affected device.

Configuration Checks
HTTP Server Configuration: Use the command to check whether the HTTP Server feature is enabled.
WebAuth Configuration for Switches: Use the command to check whether the WebAuth feature is enabled.
WebAuth Configuration for WLCs: Use the command to check whether the WebAuth feature is enabled.

Mitigation Measures
Disable HTTP Server: Disable the HTTP Server feature in global configuration mode using the command.
Restrict Remote Access: Use the command to restrict remote access to the HTTP Server.

Fixed Software
Recommended Upgrade: Upgrade to the latest versions of Cisco IOS and IOS XE Software.
Specific Steps: Refer to the Cisco Software Center page to identify the software versions that fix this vulnerability.

Public Disclosure and Exploitation
Known Public Proof-of-Concept Code: Proof-of-concept code for this vulnerability exists.
Known Exploitation: There have been reports indicating that this vulnerability has been exploited.
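As an added example that is not part of the advisory summary above, the following Python script audits IOS-style running-config text for the HTTP Server state that the Configuration Checks and Mitigation Measures sections describe (web UI disabled, enabled but access-restricted, or enabled and unrestricted). The summary leaves the exact CLI out, so the forms `ip http server`, `ip http secure-server` and `ip http access-class` are assumed from general Cisco IOS knowledge, and the config excerpts are constructed sample input, not captured from any device.

```python
import re

# Constructed running-config excerpts (not from any real device), used as sample input.
CONFIG_UNMITIGATED = """\
hostname edge-router
!
ip http server
ip http secure-server
"""

CONFIG_RESTRICTED = """\
hostname edge-router
!
access-list 10 permit 10.0.0.0 0.0.0.255
ip http server
ip http access-class 10
"""

CONFIG_DISABLED = """\
hostname edge-router
!
no ip http server
no ip http secure-server
"""


def audit_http_server(running_config: str) -> dict:
    """Classify the web-UI exposure implied by an IOS-style running-config.

    Assumptions (not taken from the advisory): commands are matched as whole
    lines, 'ip http access-class ...' counts as the remote-access restriction,
    and a config with neither 'ip http server' nor 'ip http secure-server'
    is treated as having the web UI off.
    """
    lines = [ln.strip() for ln in running_config.splitlines()]
    http_on = "ip http server" in lines
    https_on = "ip http secure-server" in lines
    restricted = any(re.fullmatch(r"ip http access-class\s+.+", ln) for ln in lines)
    if not http_on and not https_on:
        verdict = "mitigated: web UI disabled"
    elif restricted:
        verdict = "partially mitigated: web UI enabled but access-class applied"
    else:
        verdict = "exposed: web UI enabled with no access restriction"
    return {"http": http_on, "https": https_on, "restricted": restricted, "verdict": verdict}


if __name__ == "__main__":
    for name, cfg in [("unmitigated", CONFIG_UNMITIGATED),
                      ("restricted", CONFIG_RESTRICTED),
                      ("disabled", CONFIG_DISABLED)]:
        print(f"{name}: {audit_http_server(cfg)['verdict']}")
```

Feed it the output of a `show running-config` capture to get the same three-way verdict for a real device; upgrading to fixed software remains the actual remediation.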