Cisco ECE Web-Based Management Interface Vulnerability
CVE-2022-20632

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Enterprise Chat And Email
Vendor: CVE Published:; 15 November 2024

Summary

The web-based management interface of Cisco ECE contains a security vulnerability that permits unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. This vulnerability arises from improper validation of user-supplied input within the interface. By tricking an interface user into clicking a specially crafted link, an attacker can execute arbitrary script code within the context of the interface. This exploitation could lead to unauthorized access to sensitive information stored in the user's browser. Cisco has addressed this issue through software updates, with no viable workarounds available.

Affected Version(s)

Cisco Enterprise Chat and Email 11.6(1)_ES3

Cisco Enterprise Chat and Email 11.6(1)_ES4

Cisco Enterprise Chat and Email 12.0(1)_ES6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021