CVE-2023-20242
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-20242 is a newly identified vulnerability that affects the web-based management interfaces of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P). This issue allows an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack against users of these interfaces. The root cause of this vulnerability is the interfaces' failure to properly validate user-supplied input. By crafting a malicious link, an attacker can persuade a user to click it, enabling the attacker to inject and execute arbitrary script code in the context of the affected interface or gain access to sensitive, browser-based information.
Affected Products
- Cisco Unified Communications Manager
Affected Vendors
- Cisco Systems Inc