{"uuid": "dc104ba1-24cd-4536-818a-89b577a88597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20218", "type": "seen", "source": "https://t.me/arpsyndicate/2979", "content": "#ExploitObserverAlert\n\nCVE-2023-20218\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-20218. A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.  Cisco will not release software updates that address this vulnerability.     {{value}} [\"%7b%7bvalue%7d%7d\"])}]]\n\nFIRST-EPSS: 0.000590000\nNVD-IS: 2.7\nNVD-ES: 2.8", "creation_timestamp": "2024-01-26T15:13:45.000000Z"}