TROYANOSYVIRUS
Retour aux CVEs

CVE-2024-20504

MEDIUM
5.4

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Details CVE

Score CVSS v3.15.4
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie11/6/2024
Derniere modification8/7/2025
Sourcenvd
Observations honeypot0

Produits affectes

cisco:asyncoscisco:secure_email_and_web_manager_m170cisco:secure_email_and_web_manager_m190cisco:secure_email_and_web_manager_m195cisco:secure_email_and_web_manager_m380cisco:secure_email_and_web_manager_m390cisco:secure_email_and_web_manager_m390xcisco:secure_email_and_web_manager_m395cisco:secure_email_and_web_manager_m680cisco:secure_email_and_web_manager_m690cisco:secure_email_and_web_manager_m690xcisco:secure_email_and_web_manager_m695cisco:secure_email_and_web_manager_virtual_appliance_m100vcisco:secure_email_and_web_manager_virtual_appliance_m300vcisco:secure_email_and_web_manager_virtual_appliance_m600vcisco:secure_email_gateway_c195cisco:secure_email_gateway_c395cisco:secure_email_gateway_c695cisco:secure_email_gateway_virtual_appliance_c100vcisco:secure_email_gateway_virtual_appliance_c300vcisco:secure_email_gateway_virtual_appliance_c600vcisco:secure_web_appliance_s196cisco:secure_web_appliance_s396cisco:secure_web_appliance_s696cisco:secure_web_appliance_virtual_s1000vcisco:secure_web_appliance_virtual_s100vcisco:secure_web_appliance_virtual_s300vcisco:secure_web_appliance_virtual_s600v

Faiblesses (CWE)

CWE-80

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n(psirt@cisco.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.