Cisco TelePresence Management Suite Software Vulnerability Could Lead to Cross-Site Scripting Attacks
CVE-2023-20249

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Management Suite (tms)
Vendor: CVE Published:; 24 April 2024

Summary

A vulnerability exists in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software that can be exploited by an authenticated remote attacker to perform a cross-site scripting (XSS) attack. The root cause of this vulnerability lies in the insufficient input validation implemented within the management interface. By manipulating specific data fields within the interface, an attacker could insert malicious scripts, allowing execution of arbitrary code in the context of the affected interface. This could also lead to unauthorized access to sensitive information stored in the user's browser.

Affected Version(s)

Cisco TelePresence Management Suite (TMS) TMS_15.11.0

Cisco TelePresence Management Suite (TMS) TMS_15.12.0

Cisco TelePresence Management Suite (TMS) TMS_15.13.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Oct 27, 2022