CVE-2022-20631

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 79

Summary

CVE-2022-20631 is a vulnerability affecting the web-based management interface of certain Cisco ECE devices. An unauthenticated, remote attacker can exploit this issue by injecting malicious script code in a chat window. Successful exploitation could allow the attacker to execute arbitrary script code in the context of the interface or gain access to sensitive browser-based information. The root cause is the interface's failure to properly validate user-supplied input. Cisco has released software updates to address this vulnerability, and no workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Cisco Enterprise Chat and Email

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners