CVE-2020-3420
CVSS 3.0 Score 5.4 of 10 (medium)
Details
Summary
CVE-2020-3420 is a cross-site scripting (XSS) vulnerability affecting the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). An authenticated, remote attacker can exploit this issue by inserting malicious data into a specific input field. The vulnerability arises from insufficient input validation by the interface. Successful exploitation allows the attacker to execute arbitrary script code or access sensitive browser-information in the context of the affected interface. No workarounds are available to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.