CVE-2024-20310 (GCVE-0-2024-20310)
Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
N/A
|
|
| Cisco | Cisco Unified Communications Manager IM and Presence Service |
Affected:
10.5(1)
Affected: 10.5(2) Affected: 10.5(2a) Affected: 10.5(2b) Affected: 10.5(2)SU3 Affected: 10.5(2)SU2a Affected: 10.5(2)SU4a Affected: 10.5(2)SU4 Affected: 10.5(1)SU3 Affected: 10.5(1)SU1 Affected: 10.5(2)SU1 Affected: 10.5(2)SU2 Affected: 10.5(1)SU2 Affected: 11.5(1) Affected: 11.5(1)SU1 Affected: 11.5(1)SU2 Affected: 11.5(1)SU3 Affected: 11.5(1)SU3a Affected: 11.5(1)SU4 Affected: 11.5(1)SU5 Affected: 11.5(1)SU5a Affected: 11.5(1)SU6 Affected: 11.5(1)SU7 Affected: 11.5(1)SU8 Affected: 11.5(1)SU9 Affected: 11.5(1)SU10 Affected: 11.5(1)SU11 Affected: 11.0(1) Affected: 11.0(1)SU1 Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 12.5(1)SU5 Affected: 12.5(1)SU6 Affected: 12.5(1)SU7 Affected: 14 Affected: 14SU1 Affected: 14SU2 Affected: 14SU2a Affected: 10.0(1) Affected: 10.0(1)SU1 Affected: 10.0(1)SU2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2a\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2b\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su11"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su8"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su9"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:58:41.263017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:23:39.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:36:06.520Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"source": {
"advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
"defects": [
"CSCwf41335"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20310",
"datePublished": "2024-04-03T16:19:40.031Z",
"dateReserved": "2023-11-08T15:08:07.631Z",
"dateUpdated": "2024-08-01T21:59:41.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-20310",
"date": "2026-05-30",
"epss": "0.00162",
"percentile": "0.36933"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\\r\\n\\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross Site Scripting (XSS) contra un usuario autenticado de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario autenticado de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podr\\u00eda permitir al atacante ejecutar c\\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\\u00f3n confidencial basada en el navegador.\"}]",
"id": "CVE-2024-20310",
"lastModified": "2024-11-21T08:52:19.497",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
"published": "2024-04-03T17:15:48.513",
"references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-23\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-20310\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2024-04-03T17:15:48.513\",\"lastModified\":\"2025-08-01T18:52:58.220\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\\r\\n\\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross Site Scripting (XSS) contra un usuario autenticado de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario autenticado de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD968EF-BBC1-427E-9CD8-D5928D8ACDBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8A77870-605E-4186-B45A-79D3EFFCC496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8C0FB91-D152-4814-84C0-911A21EAE69E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07CA186C-F010-4C41-9F27-56639DF8D0EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"389312AC-4768-439D-93FC-868841151EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A912842-76D8-4CF8-BC7A-3D189BCC0C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33F68D7-77BB-4F48-9839-9F5B17CC6242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF58FA68-5EEC-47A2-AD8C-2342B449741D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"598974FC-1388-404B-BB14-56C4CF8B6296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19674018-01CF-42CB-84AE-896D783C95DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754348C2-028E-4125-8B81-A285DB72963B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26E552E4-A519-4D64-99F0-DE2DBF214085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B66E34B-6E58-4BC9-A003-99626CD3C4A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC2B99F-5426-4E3F-883A-98FB464639BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB1A2B7C-5176-463A-80D6-7A858A43A27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEFF49F2-8957-452B-A966-F508D0B57793\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABAD4CA1-E77D-48EC-8C84-2B184D003E34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5789C97A-CCA7-4B41-ADD4-08B062500135\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D89C42-AAD9-4B04-9F95-F77681E39553\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F21F92F-B96A-47F4-9E9D-4740C1E90FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E4DACD-BD48-4C47-97BA-0FCDADF9EC70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF0950B5-C1DE-44E6-8976-2760DA1738DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD6C1CC-60AD-46E0-851B-382C3E1B6294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566158C9-D3F6-4596-AAAD-93CA8E020049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DADCFF5C-5B65-412E-AAD4-6E75DF91C372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2FA64AE-41CD-4377-AA9B-0A9A7B636EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAAA645-16BC-4CC4-A7DA-E9376AB69C70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C73DA9AE-07F7-4D03-A0A6-ECAF214A4BB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04251334-E627-42D0-A790-E50A4332D16B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9DA086C-4291-41AB-AE80-1C3D0908A379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B1100A-FC8C-4B81-A3BF-36276DBF2F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67EE425C-8510-443A-AA50-45E04A1419D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAAAAF61-C33F-462B-B7C4-9F976235888A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28D2915C-E4C2-404B-BC2E-10FAAE34A98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC46928-718B-4CCB-AE4F-A974ACD52AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6FDB4C-ABA5-418A-81DC-C1735F3F6795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC698BDD-2C43-4F6B-BD9A-29FE9A03449B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46366B52-A3BE-43B6-9861-1ED8271E224C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32FBC94-72DA-4467-8A63-74C3A3AF7FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F161FAB-C375-4F2D-BF13-1645BA6A06F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E67BA8A5-6641-4710-A968-82A88A1361C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4838F8D3-ADE8-4CD5-9A3D-31B0D97DC7CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"092B2D7F-ED1B-49BA-B61D-0AA832D9A47D\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\", \"name\": \"cisco-sa-cucm-imps-xss-quWkd9yF\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:41.851Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20310\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-03T17:58:41.263017Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2a\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2a\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2b\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2b\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su3:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su2a:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su2a\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su4a:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su4a\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su4:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su3:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(2\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(2\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5\\\\(1\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su11:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su11\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su3a:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su3a\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su5a:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su5a\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su6:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su7:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su8:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su8\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\\\(1\\\\)su9:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5\\\\(1\\\\)su9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\\\(1\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0\\\\(1\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su6:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su6\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\\\(1\\\\)su7:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.5\\\\(1\\\\)su7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.0su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\):*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\\\\(1\\\\)\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\\\\(1\\\\)su1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\\\(1\\\\)su2:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"unified_communications_manager_im_and_presence_service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\\\\(1\\\\)su2\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T16:37:04.078Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwf41335\"], \"advisory\": \"cisco-sa-cucm-imps-xss-quWkd9yF\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Communications Manager IM and Presence Service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)\"}, {\"status\": \"affected\", \"version\": \"10.5(2a)\"}, {\"status\": \"affected\", \"version\": \"10.5(2b)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU3\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU4a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU4\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3a\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU5a\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU8\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU9\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU10\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU11\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"14\"}, {\"status\": \"affected\", \"version\": \"14SU1\"}, {\"status\": \"affected\", \"version\": \"14SU2\"}, {\"status\": \"affected\", \"version\": \"14SU2a\"}, {\"status\": \"affected\", \"version\": \"10.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU2\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF\", \"name\": \"cisco-sa-cucm-imps-xss-quWkd9yF\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\\r\\n\\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-23\", \"description\": \"Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-04-03T16:36:06.520Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20310\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:59:41.851Z\", \"dateReserved\": \"2023-11-08T15:08:07.631Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-04-03T16:19:40.031Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…