csaf_certbund - wid-sec-w-2024-3356

wid-sec-w-2024-3356

Vulnerability from csaf_certbund

Published

2024-11-06 23:00

Modified

2024-11-06 23:00

Summary

Cisco Unified Communications Manager IM & Presence Service und Unified Communications Manager (CUCM): Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen. Der Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Communications Manager IM & Presence Service und Cisco Unified Communications Manager (CUCM) ausnutzen, um Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.\r\nDer Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Cisco Unified Communications Manager IM & Presence Service und Cisco Unified Communications Manager (CUCM) ausnutzen, um Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- CISCO Appliance",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3356 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3356.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3356 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3356",
         },
         {
            category: "external",
            summary: "Cisco Security Advisory  vom 2024-11-06",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n?amp%3B_Presence_Service_Information_Disclosure_Vulnerability%26vs_k=1",
         },
         {
            category: "external",
            summary: "Cisco Security Advisory  vom 2024-11-06",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW",
         },
      ],
      source_lang: "en-US",
      title: "Cisco Unified Communications Manager IM & Presence Service und Unified Communications Manager (CUCM): Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-11-06T23:00:00.000+00:00",
         generator: {
            date: "2024-11-07T09:33:31.452+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3356",
         initial_release_date: "2024-11-06T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-06T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<14SU5 (2025)",
                        product: {
                           name: "Cisco Unified Communications Manager (CUCM) <14SU5 (2025)",
                           product_id: "T038817",
                        },
                     },
                     {
                        category: "product_version",
                        name: "14SU5 (2025)",
                        product: {
                           name: "Cisco Unified Communications Manager (CUCM) 14SU5 (2025)",
                           product_id: "T038817-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:cisco:unified_communications_manager:14su5_%25282025%2529",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<15SU2",
                        product: {
                           name: "Cisco Unified Communications Manager (CUCM) <15SU2",
                           product_id: "T038818",
                        },
                     },
                     {
                        category: "product_version",
                        name: "15SU2",
                        product: {
                           name: "Cisco Unified Communications Manager (CUCM) 15SU2",
                           product_id: "T038818-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:cisco:unified_communications_manager:15su2",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Unified Communications Manager (CUCM)",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<12.5(1)SU9",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service <12.5(1)SU9",
                           product_id: "T038814",
                        },
                     },
                     {
                        category: "product_version",
                        name: "12.5(1)SU9",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service 12.5(1)SU9",
                           product_id: "T038814-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:12.5%25281%2529su9",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<14SU5 (2025)",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service <14SU5 (2025)",
                           product_id: "T038815",
                        },
                     },
                     {
                        category: "product_version",
                        name: "14SU5 (2025)",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service 14SU5 (2025)",
                           product_id: "T038815-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:14su5_%25282025%2529",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<15SU2",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service <15SU2",
                           product_id: "T038816",
                        },
                     },
                     {
                        category: "product_version",
                        name: "15SU2",
                        product: {
                           name: "Cisco Unified Communications Manager IM & Presence Service 15SU2",
                           product_id: "T038816-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:15su2",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Unified Communications Manager IM & Presence Service",
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-20457",
         notes: [
            {
               category: "description",
               text: "In Cisco Unified Communications Manager IM & Presence Service besteht eine Schwachstelle. Dieser Fehler existiert in der Protokollierungskomponente wegen der Speicherung von unverschlüsselten Anmeldeinformationen in bestimmten Protokollen. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038816",
               "T038815",
               "T038814",
            ],
         },
         release_date: "2024-11-06T23:00:00.000+00:00",
         title: "CVE-2024-20457",
      },
      {
         cve: "CVE-2024-20511",
         notes: [
            {
               category: "description",
               text: "In Cisco Unified Communications Manager (CUCM) existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in der webbasierten Verwaltungsoberfläche nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.",
            },
         ],
         product_status: {
            known_affected: [
               "T038817",
               "T038818",
            ],
         },
         release_date: "2024-11-06T23:00:00.000+00:00",
         title: "CVE-2024-20511",
      },
   ],
}

cve-2024-20457

Vulnerability from cvelistv5

Published

2024-11-06 16:29

Modified

2024-11-06 17:06

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Communications Manager IM and Presence Service	Version: 11.5(1)SU6 Version: 10.5(1)SU1 Version: 10.5(1)SU2 Version: 12.5(1) Version: 10.5(2)SU2a Version: 11.5(1)SU3a Version: 10.0(1)SU2 Version: 10.5(2)SU2 Version: 11.0 Version: 10.5(2)SU3 Version: 10.5(1)SU3 Version: 11.5(1)SU1 Version: 11.0(1) Version: 10.5(2)SU4 Version: 11.0(1)SU1 Version: 11.5(1)SU2 Version: 11.5(1)SU5 Version: 10.0(1)SU1 Version: 11.5(1)SU3 Version: 10.5(2)SU4a Version: 10.5(2) Version: 11.5(1)SU5a Version: 11.5(1)SU4 Version: 12.5(1)SU1 Version: 10.0(1) Version: 10.5(2b) Version: 10.5(2)SU1 Version: 10.5(1) Version: 10.5(2a) Version: 11.5(1) Version: 12.5(1)SU2 Version: 11.5(1)SU7 Version: 11.5(1)SU8 Version: 12.5(1)SU3 Version: 11.5(1)SU9 Version: 12.5(1)SU4 Version: 14 Version: 11.5(1)SU10 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 11.5(1)SU11 Version: 14SU2 Version: 14SU2a Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 15 Version: 15SU1 Version: 14SU4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-20457",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T17:06:29.143075Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T17:06:37.800Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "Cisco Unified Communications Manager IM and Presence Service",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.0",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2b)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2a)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "14SU2a",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "15",
                  },
                  {
                     status: "affected",
                     version: "15SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the logging component of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-06T16:29:12.887Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-imp-inf-disc-cUPKuA5n",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n",
            },
         ],
         source: {
            advisory: "cisco-sa-imp-inf-disc-cUPKuA5n",
            defects: [
               "CSCwk31853",
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2024-20457",
      datePublished: "2024-11-06T16:29:12.887Z",
      dateReserved: "2023-11-08T15:08:07.679Z",
      dateUpdated: "2024-11-06T17:06:37.800Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-20511

Vulnerability from cvelistv5

Published

2024-11-06 16:29

Modified

2024-11-06 17:04

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Communications Manager	Version: 12.5(1)SU2 Version: 12.0(1)SU2 Version: 12.0(1)SU3 Version: 12.5(1)SU1 Version: 12.5(1) Version: 12.0(1)SU1 Version: 12.5(1)SU3 Version: 12.0(1)SU4 Version: 12.5(1)SU4 Version: 14 Version: 12.0(1)SU5 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 12.5(1)SU7a Version: 14SU3 Version: 12.5(1)SU8 Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 14SU4a Version: 15SU1a Version: 12.5(1)SU9

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-20511",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T17:04:44.682281Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T17:04:51.825Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8a",
                  },
                  {
                     status: "affected",
                     version: "15",
                  },
                  {
                     status: "affected",
                     version: "15SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU4",
                  },
                  {
                     status: "affected",
                     version: "14SU4a",
                  },
                  {
                     status: "affected",
                     version: "15SU1a",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-06T16:29:54.298Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-xss-SVCkMMW",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-SVCkMMW",
            defects: [
               "CSCwk99263",
            ],
            discovery: "EXTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2024-20511",
      datePublished: "2024-11-06T16:29:54.298Z",
      dateReserved: "2023-11-08T15:08:07.688Z",
      dateUpdated: "2024-11-06T17:04:51.825Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2024-3356

Vulnerability from csaf_certbund

cve-2024-20457

Vulnerability from cvelistv5

cve-2024-20511

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature