- Description
- A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- unified_communications_manager
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-79
- Hype score
- Not currently trending
CVE-2024-20511 Unauthenticated XSS Attack in Cisco Unified CM Web Interface A vulnerability is present in Cisco Unified Communications Manager's web interface. This affects both Unified CM and Unified CM SME. An ... https://t.co/TxUgJffoo0
@VulmonFeeds
6 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-20511 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management… https://t.co/an3pKhS4nH
@CVEnew
6 Nov 2024
386 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "44F6D6CC-19C5-4BFF-BABC-84E4A06A2BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1215A7B-3A27-4A05-99F4-CB1B0D270C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0715148-5B7E-48C6-A51C-76D74E4AAB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D687F-A996-4F30-9D3C-838CDE8B2349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "D61F0795-B5F2-4DFC-A1DD-1175AAF2ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9751FC-5C3C-4D7B-B368-39FF096C1581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "E411B60D-4EFA-4A8C-A9A0-74B7524B2B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7EAB06-39FB-4897-BDCC-B84041DA9AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E727720-92A8-430E-881F-091ACC71E87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "511D0C5D-55DB-4293-BFE0-17D31073C5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "294B9E10-2CF1-47D3-9725-E2A568E17AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "397E6105-7508-4DEB-AD6D-1E702E31C875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD5882F-47AD-44BF-BAF5-4DA6B59A45A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "65580374-43E4-4EB4-8D66-76FB8AF11568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
"matchCriteriaId": "D501B7FB-1335-4C44-8C4F-DDF033A41E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5D489D-D2D3-4784-8B80-209344A9FC76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]