Vulnerability-Lookup

BDU:2024-04199

Vulnerability from fstec - Published: 03.04.2024

Title

Уязвимость веб-интерфейса управления системы обработки вызовов Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), позволяющая нарушителю проводить межсайтовые сценарные атаки

Description

Уязвимость веб-интерфейса управления системы обработки вызовов Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) связана с обходом относительного пути. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Unified Communications Manager IM and Presence Service

Software Version

до 12.5 SU8 (Unified Communications Manager IM and Presence Service), от 14.0 до 14 SU4 (Unified Communications Manager IM and Presence Service)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF

CWE

CWE-23

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.5 SU8 (Unified Communications Manager IM and Presence Service), \u043e\u0442 14.0 \u0434\u043e 14 SU4 (Unified Communications Manager IM and Presence Service)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04199",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20310",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Unified Communications Manager IM and Presence Service",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0445\u043e\u0434 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 (CWE-23)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-23",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

CVE-2024-20310 (GCVE-0-2024-20310)

Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59

Summary

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-23 - Relative Path Traversal

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco IOS XE Software

Affected: N/A

Cisco

Cisco Unified Communications Manager IM and Presence Service

Affected: 10.5(1)
Affected: 10.5(2)
Affected: 10.5(2a)
Affected: 10.5(2b)
Affected: 10.5(2)SU3
Affected: 10.5(2)SU2a
Affected: 10.5(2)SU4a
Affected: 10.5(2)SU4
Affected: 10.5(1)SU3
Affected: 10.5(1)SU1
Affected: 10.5(2)SU1
Affected: 10.5(2)SU2
Affected: 10.5(1)SU2
Affected: 11.5(1)
Affected: 11.5(1)SU1
Affected: 11.5(1)SU2
Affected: 11.5(1)SU3
Affected: 11.5(1)SU3a
Affected: 11.5(1)SU4
Affected: 11.5(1)SU5
Affected: 11.5(1)SU5a
Affected: 11.5(1)SU6
Affected: 11.5(1)SU7
Affected: 11.5(1)SU8
Affected: 11.5(1)SU9
Affected: 11.5(1)SU10
Affected: 11.5(1)SU11
Affected: 11.0(1)
Affected: 11.0(1)SU1
Affected: 12.5(1)
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Affected: 12.5(1)SU3
Affected: 12.5(1)SU4
Affected: 12.5(1)SU5
Affected: 12.5(1)SU6
Affected: 12.5(1)SU7
Affected: 14
Affected: 14SU1
Affected: 14SU2
Affected: 14SU2a
Affected: 10.0(1)
Affected: 10.0(1)SU1
Affected: 10.0(1)SU2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2a\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2b\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su4a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su11"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su3a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su5a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su8"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.0\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.0\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "14.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "14.0su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)su2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20310",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T17:58:41.263017Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:23:39.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "10.5(2a)"
            },
            {
              "status": "affected",
              "version": "10.5(2b)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU11"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "10.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-03T16:36:06.520Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
        "defects": [
          "CSCwf41335"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20310",
    "datePublished": "2024-04-03T16:19:40.031Z",
    "dateReserved": "2023-11-08T15:08:07.631Z",
    "dateUpdated": "2024-08-01T21:59:41.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-04199

CVE-2024-20310 (GCVE-0-2024-20310)

Tags

Sightings

Nomenclature