Stored XSS Vulnerability in Cisco BroadWorks Management Interface
CVE-2024-20270

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco BroadWorks
Vendor: CVE Published:; 17 January 2024

Summary

A stored cross-site scripting vulnerability exists in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform due to improper validation of user input. An authenticated, remote attacker could exploit this vulnerability by persuading a user to click on a specially crafted link, potentially executing arbitrary scripts within the context of the affected interface. This could lead to unauthorized access to sensitive information stored in the browser, posing a security risk to users.

Affected Version(s)

Cisco BroadWorks 24.0 ap375672

Cisco BroadWorks 24.0 ap375655

Cisco BroadWorks 24.0 ap376979

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 17, 2024
Vulnerability Reserved
Nov 8, 2023