Cisco ECE Web-Based Management Interface Vulnerability
CVE-2022-20631

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Enterprise Chat And Email
Vendor: CVE Published:; 15 November 2024

Summary

A cross-site scripting vulnerability exists in the web-based management interface of Cisco ECE, stemming from insufficient validation of user-supplied input. When an attacker exploits this vulnerability, they can inject malicious script code through a chat window. This can lead to arbitrary script code execution within the context of the interface, potentially exposing sensitive information available in the browser. Cisco has released necessary software updates to resolve this issue, emphasizing the importance of applying these updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Cisco Enterprise Chat and Email 11.6(1)_ES3

Cisco Enterprise Chat and Email 11.6(1)_ES4

Cisco Enterprise Chat and Email 12.0(1)_ES6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021