CVE-2024-20475
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-20475 is a recently disclosed vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager. It allows an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack and execute arbitrary script code. The vulnerability arises because the interface does not properly validate user-supplied input. An attacker could exploit this flaw by inserting malicious data into a specific data field, potentially leading to unintended execution of scripts in the context of the affected interface. Users are strongly urged to apply the relevant software update as soon as possible to mitigate this risk.
Affected Vendors
- Cisco