Action not permitted
Modal body text goes here.
Modal Title
Modal Body
gsd-2024-20540
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{ GSD: { alias: "CVE-2024-20540", id: "GSD-2024-20540", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-20540", ], id: "GSD-2024-20540", modified: "2023-12-13T01:21:42.935784Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2024-20540", STATE: "RESERVED", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", }, ], }, }, }, }
cve-2024-20540
Vulnerability from cvelistv5
Published
2024-11-06 16:32
Modified
2024-11-06 16:58
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Contact Center Management Portal |
Version: 12.5(1)_ES1 Version: 11.6(1)_ES11 Version: 12.5(1)_ES3 Version: 11.6(1)ES2 Version: 10.5(1)ES7 Version: 11.6(1)_ES17 Version: 11.5(1)ES6 Version: 12.5(1) Version: 11.6(1)ES1 Version: 12.0(1)_ES4 Version: 10.5(1)ES1 Version: 11.5(1)ES1 Version: 12.5(1)_ES5 Version: 12.0(1)_ES3 Version: 11.5(1)ES5 Version: 11.6(1)_ES7 Version: 12.0(1)_ES1 Version: 11.5(1)ES8 Version: 11.6(1)_ES9 Version: 10.5(1)ES12 Version: 11.0(1)ES1 Version: 11.6(1)_ES16 Version: 11.5(1)ES7 Version: 11.5(1)ES3 Version: 11.6(1)_ES3 Version: 10.5(1)ES11 Version: 10.5(1)ES10 Version: 11.5(1)ES4 Version: 10.5(1)ES3 Version: 12.6(1) Version: 12.6(1)_ES1 Version: 11.6(1) Version: 12.0(1)_ES2 Version: 11.6(1)_ES13 Version: 12.5(1)_ES2 Version: 10.5(1)ES2 Version: 10.5(1)ES13 Version: 11.6(1)_ES12 Version: 11.0(1)ES3 Version: 11.6(1)_ES5 Version: 11.5(1)ES9 Version: 10.5(1)ES4 Version: 12.6(1)_ES2 Version: 12.0(1) Version: 10.5(1)ES6 Version: 11.6(1)_ES4 Version: 11.6(1)_ES14 Version: 11.0(1)ES2 Version: 12.0(1)_ES5 Version: 10.5(1)ES5 Version: 12.5(1)_ES4 Version: 11.6(1)_ES15 Version: 10.5(1)ES8 Version: 11.6(1)_ES6 Version: 10.5(1)ES9 Version: 11.6(1)_ES10 Version: 11.5(1)ES2 Version: 11.0(1) Version: 12.5(1)_ES6 Version: 12.6(1)_ES3 Version: 12.6(1)_ES4 Version: 12.5(1)_ES7 Version: 12.6(1)_ES5 Version: 12.6(1)_ES6 Version: 12.5(1)_ES8 Version: 12.5(1)_ES9 Version: 12.6(1)_ES7 Version: 12.6(1)_ES8 Version: 12.5(1)_ES10 Version: 10.5(1) Version: 11.5(1) Version: 12.6(1)_ES9 Version: 12.6(1)_ES10 Version: 12.5(1)_ES11 Version: 12.6(1)_ES11 Version: 12.6(1)_ES12 Version: 12.5(1)_ES12 Version: 12.6(1)_ES13 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20540", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T16:58:05.818829Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-06T16:58:14.321Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Cisco Unified Contact Center Management Portal", vendor: "Cisco", versions: [ { status: "affected", version: "12.5(1)_ES1", }, { status: "affected", version: "11.6(1)_ES11", }, { status: "affected", version: "12.5(1)_ES3", }, { status: "affected", version: "11.6(1)ES2", }, { status: "affected", version: "10.5(1)ES7", }, { status: "affected", version: "11.6(1)_ES17", }, { status: "affected", version: "11.5(1)ES6", }, { status: "affected", version: "12.5(1)", }, { status: "affected", version: "11.6(1)ES1", }, { status: "affected", version: "12.0(1)_ES4", }, { status: "affected", version: "10.5(1)ES1", }, { status: "affected", version: "11.5(1)ES1", }, { status: "affected", version: "12.5(1)_ES5", }, { status: "affected", version: "12.0(1)_ES3", }, { status: "affected", version: "11.5(1)ES5", }, { status: "affected", version: "11.6(1)_ES7", }, { status: "affected", version: "12.0(1)_ES1", }, { status: "affected", version: "11.5(1)ES8", }, { status: "affected", version: "11.6(1)_ES9", }, { status: "affected", version: "10.5(1)ES12", }, { status: "affected", version: "11.0(1)ES1", }, { status: "affected", version: "11.6(1)_ES16", }, { status: "affected", version: "11.5(1)ES7", }, { status: "affected", version: "11.5(1)ES3", }, { status: "affected", version: "11.6(1)_ES3", }, { status: "affected", version: "10.5(1)ES11", }, { status: "affected", version: "10.5(1)ES10", }, { status: "affected", version: "11.5(1)ES4", }, { status: "affected", version: "10.5(1)ES3", }, { status: "affected", version: "12.6(1)", }, { status: "affected", version: "12.6(1)_ES1", }, { status: "affected", version: "11.6(1)", }, { status: "affected", version: "12.0(1)_ES2", }, { status: "affected", version: "11.6(1)_ES13", }, { status: "affected", version: "12.5(1)_ES2", }, { status: "affected", version: "10.5(1)ES2", }, { status: "affected", version: "10.5(1)ES13", }, { status: "affected", version: "11.6(1)_ES12", }, { status: "affected", version: "11.0(1)ES3", }, { status: "affected", version: "11.6(1)_ES5", }, { status: "affected", version: "11.5(1)ES9", }, { status: "affected", version: "10.5(1)ES4", }, { status: "affected", version: "12.6(1)_ES2", }, { status: "affected", version: "12.0(1)", }, { status: "affected", version: "10.5(1)ES6", }, { status: "affected", version: "11.6(1)_ES4", }, { status: "affected", version: "11.6(1)_ES14", }, { status: "affected", version: "11.0(1)ES2", }, { status: "affected", version: "12.0(1)_ES5", }, { status: "affected", version: "10.5(1)ES5", }, { status: "affected", version: "12.5(1)_ES4", }, { status: "affected", version: "11.6(1)_ES15", }, { status: "affected", version: "10.5(1)ES8", }, { status: "affected", version: "11.6(1)_ES6", }, { status: "affected", version: "10.5(1)ES9", }, { status: "affected", version: "11.6(1)_ES10", }, { status: "affected", version: "11.5(1)ES2", }, { status: "affected", version: "11.0(1)", }, { status: "affected", version: "12.5(1)_ES6", }, { status: "affected", version: "12.6(1)_ES3", }, { status: "affected", version: "12.6(1)_ES4", }, { status: "affected", version: "12.5(1)_ES7", }, { status: "affected", version: "12.6(1)_ES5", }, { status: "affected", version: "12.6(1)_ES6", }, { status: "affected", version: "12.5(1)_ES8", }, { status: "affected", version: "12.5(1)_ES9", }, { status: "affected", version: "12.6(1)_ES7", }, { status: "affected", version: "12.6(1)_ES8", }, { status: "affected", version: "12.5(1)_ES10", }, { status: "affected", version: "10.5(1)", }, { status: "affected", version: "11.5(1)", }, { status: "affected", version: "12.6(1)_ES9", }, { status: "affected", version: "12.6(1)_ES10", }, { status: "affected", version: "12.5(1)_ES11", }, { status: "affected", version: "12.6(1)_ES11", }, { status: "affected", version: "12.6(1)_ES12", }, { status: "affected", version: "12.5(1)_ES12", }, { status: "affected", version: "12.6(1)_ES13", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T16:32:12.522Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-ccmp-sxss-qBTDBZDD", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD", }, ], source: { advisory: "cisco-sa-ccmp-sxss-qBTDBZDD", defects: [ "CSCwm77360", ], discovery: "EXTERNAL", }, title: "Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2024-20540", datePublished: "2024-11-06T16:32:12.522Z", dateReserved: "2023-11-08T15:08:07.693Z", dateUpdated: "2024-11-06T16:58:14.321Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.