CVE-2020-3532
CVSS 3.0 Score 6.1 of 10 (medium)
Details
Summary
CVE-2020-3532 is a cross-site scripting (XSS) vulnerability affecting the web-based management interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection. This issue arises due to insufficient input validation, enabling unauthenticated, remote attackers to inject malicious scripts into the interface. Users may be tricked into clicking a malicious link, leading to arbitrary script execution or access to sensitive browser-based information. Unfortunately, there are currently no workarounds to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Unity Connection
- Cisco Unified Communications Manager Session Management Edition
- Cisco Unified Communications Manager
Affected Vendors
- Cisco Systems Inc