CVE-2024-20305

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 26, 2024

Updated: Feb 15, 2024

CWE ID 79

Summary

CVE-2024-20305 is a newly disclosed vulnerability affecting the web-based management interface of Cisco Unity Connection. This issue permits authenticated, remote attackers to execute cross-site scripting (XSS) attacks against users of the interface. The root cause is the interface's failure to adequately validate user-supplied input. An attacker can trick a user into clicking a malicious link, leading to the execution of arbitrary script code within the affected interface or the potential access to sensitive browser-based information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Unity Connection

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uREXNu
https://www.cve.org/CVERecord?id=CVE-2024-20305
https://nvd.nist.gov/vuln/detail/CVE-2024-20305

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners