Lucene search

[email protected]CVE-2023-20120

HistoryJun 28, 2023 - 3:15 p.m.

CVE-2023-20120

2023-06-2815:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-20120

cisco

asyncos software

xss

cross-site scripting

vulnerabilities

nvd

advisory

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

NVD

Node

ciscosecure_email_and_web_managerMatch14.0.0-418

ciscosecure_email_and_web_managerMatch14.0.1-033

ciscosecure_email_and_web_managerMatch14.0.1-053

ciscosecure_email_and_web_managerMatch15.0.0-050

ciscosecure_email_and_web_managerMatch15.0.0-256

ciscosecure_email_gatewayMatch14.0.0-418

ciscosecure_email_gatewayMatch14.0.1-033

ciscosecure_email_gatewayMatch14.0.1-053

ciscosecure_email_gatewayMatch15.0.0-050

ciscosecure_email_gatewayMatch15.0.0-256

ciscoweb_security_applianceMatch14.0.0-418

ciscoweb_security_applianceMatch14.0.1-033

ciscoweb_security_applianceMatch14.0.1-053

ciscoweb_security_applianceMatch15.0.0-050

ciscoweb_security_applianceMatch15.0.0-256

CPENameOperatorVersion
cisco:secure_email_and_web_managercisco secure email and web managereq14.0.0-418
cisco:secure_email_and_web_managercisco secure email and web managereq14.0.1-033
cisco:secure_email_and_web_managercisco secure email and web managereq14.0.1-053
cisco:secure_email_and_web_managercisco secure email and web managereq15.0.0-050
cisco:secure_email_and_web_managercisco secure email and web managereq15.0.0-256
cisco:secure_email_gatewaycisco secure email gatewayeq14.0.0-418
cisco:secure_email_gatewaycisco secure email gatewayeq14.0.1-033
cisco:secure_email_gatewaycisco secure email gatewayeq14.0.1-053
cisco:secure_email_gatewaycisco secure email gatewayeq15.0.0-050
cisco:secure_email_gatewaycisco secure email gatewayeq15.0.0-256

CPE	Name	Operator	Version
cisco:secure_email_and_web_manager	cisco secure email and web manager	eq	14.0.0-418
cisco:secure_email_and_web_manager	cisco secure email and web manager	eq	14.0.1-033
cisco:secure_email_and_web_manager	cisco secure email and web manager	eq	14.0.1-053
cisco:secure_email_and_web_manager	cisco secure email and web manager	eq	15.0.0-050
cisco:secure_email_and_web_manager	cisco secure email and web manager	eq	15.0.0-256
cisco:secure_email_gateway	cisco secure email gateway	eq	14.0.0-418
cisco:secure_email_gateway	cisco secure email gateway	eq	14.0.1-033
cisco:secure_email_gateway	cisco secure email gateway	eq	14.0.1-053
cisco:secure_email_gateway	cisco secure email gateway	eq	15.0.0-050
cisco:secure_email_gateway	cisco secure email gateway	eq	15.0.0-256

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Web Security Appliance (WSA) ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]