CVE-2024-20305

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 26, 2024
Updated: Feb 15, 2024
CWE ID 79

Summary

CVE-2024-20305 is a newly disclosed vulnerability affecting the web-based management interface of Cisco Unity Connection. This issue permits authenticated, remote attackers to execute cross-site scripting (XSS) attacks against users of the interface. The root cause is the interface's failure to adequately validate user-supplied input. An attacker can trick a user into clicking a malicious link, leading to the execution of arbitrary script code within the affected interface or the potential access to sensitive browser-based information.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Unity Connection

Affected Vendors

  • Cisco Systems Inc