Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks
CVE-2020-3532
Key Information:
- Vendor: Cisco
- Status: Vendor
- CVE Published: 18 November 2024
Summary
A vulnerability in the web-based management interface of various Cisco Unified Communications Manager products allows a remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface. The cause is insufficient validation of user-supplied input: an attacker can craft a deceptive link that, when a user clicks it, executes arbitrary script code in the context of the affected interface or accesses sensitive browser information. No workarounds are available to mitigate this vulnerability, so prompt remediation and awareness are crucial for affected users.
Affected Version(s)
Cisco Unified Communications Manager
Cisco Unified Communications Manager / Cisco Unity Connection
Cisco Unified Communications Manager IM and Presence Service