Cisco ECE Web-Based Management Interface Vulnerability
CVE-2022-20632
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 15 November 2024
What is CVE-2022-20632?
The web-based management interface of Cisco ECE contains a security vulnerability that permits unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. This vulnerability arises from improper validation of user-supplied input within the interface. By tricking an interface user into clicking a specially crafted link, an attacker can execute arbitrary script code within the context of the interface. This exploitation could lead to unauthorized access to sensitive information stored in the user's browser. Cisco has addressed this issue through software updates, with no viable workarounds available.
Affected Version(s)
Cisco Enterprise Chat and Email 11.6(1)_ES3
Cisco Enterprise Chat and Email 11.6(1)_ES4
Cisco Enterprise Chat and Email 12.0(1)_ES6