Cisco’s fix for Prime Collaboration Deployment vulnerability underway

Cisco has disclosed that it is in the process of developing a fix for a cross-site scripting vulnerability impacting its Prime Collaboration Deployment offering, SecurityWeek reports. Threat actors could leverage the flaw, tracked as CVE-2023-20060, by luring targets into clicking a crafted link, which would facilitate arbitrary script code execution "in the context of the affected interface or access sensitive, browser-based information," said Cisco, which noted that there has been no evidence suggesting active exploitation of the bug. No definite timeline for the release of the patch nor workarounds for the flaw has been given. Meanwhile, the discovery of the flaw has been credited to NATO Cyber Security Centre penetration tester and security researcher Pierre Vivegnis. Such a disclosure comes after Cisco was informed regarding several security flaws in its products by the National Security Agency, as well as the UK's National Cyber Security Centre's discovery of numerous industrial product bugs.