Cross-Site Scripting Vulnerability in Cisco Unity Connection Management Interface
CVE-2024-20305

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unity Connection
Vendor: CVE Published:; 26 January 2024

Summary

A vulnerability exists in the web-based management interface of Cisco Unity Connection, allowing authenticated remote attackers to conduct cross-site scripting (XSS) attacks. This vulnerability arises from insufficient validation of user-supplied input. Attackers could exploit this flaw by convincing users to click on specially crafted links, which may enable the execution of arbitrary script code in the context of the affected interface as well as access to sensitive information stored in the user's browser.

Affected Version(s)

Cisco Unity Connection 12.0(1)SU1

Cisco Unity Connection 12.0(1)SU2

Cisco Unity Connection 12.0(1)SU3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2024
Vulnerability Reserved
Nov 8, 2023