CVE-2024-20504

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 80

Summary

CVE-2024-20504 is a stored cross-site scripting (XSS) vulnerability affecting the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance. An authenticated, remote attacker can exploit this vulnerability by crafting a malicious link that, when clicked by a user of the interface, allows the attacker to inject and execute arbitrary script code. This could lead to unauthorized access to sensitive information or the ability to manipulate the user's session. The root cause of this vulnerability is insufficient input validation.
