Vulnerability-Lookup

WID-SEC-W-2024-0782

Vulnerability from csaf_certbund - Published: 2024-04-03 22:00 - Updated: 2024-11-27 23:00

Summary

Cisco Unified Communications Manager IM & Presence Service: Schwachstelle ermöglicht Cross-Site Scripting

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Unified Communications Manager IM & Presence Service ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme: - CISCO Appliance - Linux

CVE-2024-20310

In Cisco Unified Communications Manager IM & Presence Service existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in der webbasierten Management-Schnittstelle nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

References

URL

CVE-2024-20310 (GCVE-0-2024-20310)

Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59

Summary

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-23 - Relative Path Traversal

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco IOS XE Software

Affected: N/A

Cisco

Cisco Unified Communications Manager IM and Presence Service

Affected: 10.5(1)
Affected: 10.5(2)
Affected: 10.5(2a)
Affected: 10.5(2b)
Affected: 10.5(2)SU3
Affected: 10.5(2)SU2a
Affected: 10.5(2)SU4a
Affected: 10.5(2)SU4
Affected: 10.5(1)SU3
Affected: 10.5(1)SU1
Affected: 10.5(2)SU1
Affected: 10.5(2)SU2
Affected: 10.5(1)SU2
Affected: 11.5(1)
Affected: 11.5(1)SU1
Affected: 11.5(1)SU2
Affected: 11.5(1)SU3
Affected: 11.5(1)SU3a
Affected: 11.5(1)SU4
Affected: 11.5(1)SU5
Affected: 11.5(1)SU5a
Affected: 11.5(1)SU6
Affected: 11.5(1)SU7
Affected: 11.5(1)SU8
Affected: 11.5(1)SU9
Affected: 11.5(1)SU10
Affected: 11.5(1)SU11
Affected: 11.0(1)
Affected: 11.0(1)SU1
Affected: 12.5(1)
Affected: 12.5(1)SU1
Affected: 12.5(1)SU2
Affected: 12.5(1)SU3
Affected: 12.5(1)SU4
Affected: 12.5(1)SU5
Affected: 12.5(1)SU6
Affected: 12.5(1)SU7
Affected: 14
Affected: 14SU1
Affected: 14SU2
Affected: 14SU2a
Affected: 10.0(1)
Affected: 10.0(1)SU1
Affected: 10.0(1)SU2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2a\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2b\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su4a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(2\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su11"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su3a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su5a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su8"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.5\\(1\\)su9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.0\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.0\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.5\\(1\\)su7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "14.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "14.0su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)su1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_communications_manager_im_and_presence_service",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "10.0\\(1\\)su2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20310",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-03T17:58:41.263017Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:23:39.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "10.5(2)"
            },
            {
              "status": "affected",
              "version": "10.5(2a)"
            },
            {
              "status": "affected",
              "version": "10.5(2b)"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4a"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU4"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(2)SU2"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU3a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU5a"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU11"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "10.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-03T16:36:06.520Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
        "defects": [
          "CSCwf41335"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20310",
    "datePublished": "2024-04-03T16:19:40.031Z",
    "dateReserved": "2023-11-08T15:08:07.631Z",
    "dateUpdated": "2024-08-01T21:59:41.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-0782

CVE-2024-20310 (GCVE-0-2024-20310)

Tags

Sightings

Nomenclature