Lucene search

[email protected]CVE-2020-3282

HistoryJul 02, 2020 - 1:15 p.m.

CVE-2020-3282

2020-07-0213:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cisco

unified communications manager

xss

vulnerability

web-based management

cisco unity connection

cve-2020-3282

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

JSON

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Affected configurations

NVD

Node

ciscounified_communications_managerRange10.5\(2\)–10.5\(2\)su10

ciscounified_communications_managerRange10.5\(2\)–10.5\(2\)su10session_management

ciscounified_communications_managerRange11.5\(1\)–11.5\(1\)su8

ciscounified_communications_managerRange11.5\(1\)–11.5\(1\)su8session_management

ciscounified_communications_managerMatch12.0\(1\)

ciscounified_communications_managerMatch12.0\(1\)session_management

ciscounified_communications_managerMatch12.5\(1\)

ciscounified_communications_managerMatch12.5\(1\)session_management

ciscounified_communications_manager_im_and_presence_serviceRange10.5\(2\)–10.5\(2\)su10

ciscounified_communications_manager_im_and_presence_serviceRange11.5\(1\)–11.5\(1\)su8

ciscounified_communications_manager_im_and_presence_serviceMatch12.0\(1\)

ciscounified_communications_manager_im_and_presence_serviceMatch12.5\(1\)

ciscounity_connectionRange10.5\(2\)–10.5\(2\)su10

ciscounity_connectionRange11.5\(1\)–11.5\(1\)su8

ciscounity_connectionMatch12.0\(1\)

ciscounity_connectionMatch12.5\(1\)

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managerlt10.5\(2\)su10
cisco:unified_communications_managercisco unified communications managerlt11.5\(1\)su8
cisco:unified_communications_managercisco unified communications managereq12.0\(1\)
cisco:unified_communications_managercisco unified communications managereq12.5\(1\)
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt10.5\(2\)su10
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt11.5\(1\)su8
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq12.0\(1\)
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence serviceeq12.5\(1\)
cisco:unity_connectioncisco unity connectionlt10.5\(2\)su10
cisco:unity_connectioncisco unity connectionlt11.5\(1\)su8

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	lt	10.5\(2\)su10
cisco:unified_communications_manager	cisco unified communications manager	lt	11.5\(1\)su8
cisco:unified_communications_manager	cisco unified communications manager	eq	12.0\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	12.5\(1\)
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	10.5\(2\)su10
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	11.5\(1\)su8
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	eq	12.0\(1\)
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	eq	12.5\(1\)
cisco:unity_connection	cisco unity connection	lt	10.5\(2\)su10
cisco:unity_connection	cisco unity connection	lt	11.5\(1\)su8

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Cisco Unity Connection ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

JSON

Related for CVE-2020-3282

nvd1 cvelist1 cisco1 nessus3 prion1