CVE-2020-3532

CVSS 3.0 Score 6.1 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 79

Summary

CVE-2020-3532 is a cross-site scripting (XSS) vulnerability affecting the web-based management interfaces of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection. This issue arises due to insufficient input validation, enabling unauthenticated, remote attackers to inject malicious scripts into the interface. Users may be tricked into clicking a malicious link, leading to arbitrary script execution or access to sensitive browser-based information. Unfortunately, there are currently no workarounds to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Unity Connection
  • Cisco Unified Communications Manager Session Management Edition
  • Cisco Unified Communications Manager

Affected Vendors

  • Cisco Systems Inc