History: Aug 16, 2023 - 9:15 p.m.

CVE-2023-20228

2023-08-16 21:15:09
CWE-80
CWE-79
web.nvd.nist.gov
cisco
imc
web-based management interface
vulnerability
xss
nvd
cve-2023-20228

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 27.1%

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Affected configurations

NVD
Node
cisco encs_5100_firmware Range 3.2 - 3.2.15.1
AND
cisco encs_5100 Match -

Node
cisco encs_5400_firmware Range 3.2 - 3.2.15.1
AND
cisco encs_5400 Match -

Node
cisco ucs_c220_m5_rack_server_firmware Range 4.2 - 4.3.2.230207
AND
cisco ucs_c220_m5_rack_server Match -

Node
cisco ucs_e160s_m3_firmware Range <3.2.15.1
AND
cisco ucs_e160s_m3 Match -

Node
cisco ucs_e180d_m3_firmware Range <3.2.15.1
AND
cisco ucs_e180d_m3 Match -

Node
cisco ucs-e1120d-m3_firmware Range <3.2.15.1
AND
cisco ucs-e1120d-m3 Match -

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Computing System (Standalone)",
    "versions": [
      {
        "version": "3.1(1d)",
        "status": "affected"
      },
      {
        "version": "3.1(2b)",
        "status": "affected"
      },
      {
        "version": "3.1(2c)",
        "status": "affected"
      },
      {
        "version": "3.1(2d)",
        "status": "affected"
      },
      {
        "version": "3.1(2e)",
        "status": "affected"
      },
      {
        "version": "3.1(2g)",
        "status": "affected"
      },
      {
        "version": "3.1(2i)",
        "status": "affected"
      },
      {
        "version": "3.1(3a)",
        "status": "affected"
      },
      {
        "version": "3.1(3b)",
        "status": "affected"
      },
      {
        "version": "3.1(3c)",
        "status": "affected"
      },
      {
        "version": "3.1(3d)",
        "status": "affected"
      },
      {
        "version": "3.1(3g)",
        "status": "affected"
      },
      {
        "version": "3.1(3h)",
        "status": "affected"
      },
      {
        "version": "3.1(3i)",
        "status": "affected"
      },
      {
        "version": "3.1(3j)",
        "status": "affected"
      },
      {
        "version": "3.1(3k)",
        "status": "affected"
      },
      {
        "version": "4.0(1.240)",
        "status": "affected"
      },
      {
        "version": "4.0(1a)",
        "status": "affected"
      },
      {
        "version": "4.0(1b)",
        "status": "affected"
      },
      {
        "version": "4.0(1c)",
        "status": "affected"
      },
      {
        "version": "4.0(1d)",
        "status": "affected"
      },
      {
        "version": "4.0(1e)",
        "status": "affected"
      },
      {
        "version": "4.0(1g)",
        "status": "affected"
      },
      {
        "version": "4.0(1h)",
        "status": "affected"
      },
      {
        "version": "4.0(2c)",
        "status": "affected"
      },
      {
        "version": "4.0(2d)",
        "status": "affected"
      },
      {
        "version": "4.0(2f)",
        "status": "affected"
      },
      {
        "version": "4.0(2g)",
        "status": "affected"
      },
      {
        "version": "4.0(2h)",
        "status": "affected"
      },
      {
        "version": "4.0(2i)",
        "status": "affected"
      },
      {
        "version": "4.0(2l)",
        "status": "affected"
      },
      {
        "version": "4.0(2n)",
        "status": "affected"
      },
      {
        "version": "4.0(4b)",
        "status": "affected"
      },
      {
        "version": "4.0(4c)",
        "status": "affected"
      },
      {
        "version": "4.0(4d)",
        "status": "affected"
      },
      {
        "version": "4.0(4e)",
        "status": "affected"
      },
      {
        "version": "4.0(4f)",
        "status": "affected"
      },
      {
        "version": "4.0(4h)",
        "status": "affected"
      },
      {
        "version": "4.0(4i)",
        "status": "affected"
      },
      {
        "version": "4.0(4k)",
        "status": "affected"
      },
      {
        "version": "4.0(4l)",
        "status": "affected"
      },
      {
        "version": "4.0(4m)",
        "status": "affected"
      },
      {
        "version": "4.0(2o)",
        "status": "affected"
      },
      {
        "version": "4.0(2p)",
        "status": "affected"
      },
      {
        "version": "4.0(4n)",
        "status": "affected"
      },
      {
        "version": "4.0(2q)",
        "status": "affected"
      },
      {
        "version": "4.0(2r)",
        "status": "affected"
      },
      {
        "version": "4.1(1c)",
        "status": "affected"
      },
      {
        "version": "4.1(1d)",
        "status": "affected"
      },
      {
        "version": "4.1(1f)",
        "status": "affected"
      },
      {
        "version": "4.1(1g)",
        "status": "affected"
      },
      {
        "version": "4.1(2a)",
        "status": "affected"
      },
      {
        "version": "4.1(1h)",
        "status": "affected"
      },
      {
        "version": "4.1(2b)",
        "status": "affected"
      },
      {
        "version": "4.1(2f)",
        "status": "affected"
      },
      {
        "version": "4.1(2e)",
        "status": "affected"
      },
      {
        "version": "4.1(3b)",
        "status": "affected"
      },
      {
        "version": "4.1(2d)",
        "status": "affected"
      },
      {
        "version": "4.1(3c)",
        "status": "affected"
      },
      {
        "version": "4.1(3d)",
        "status": "affected"
      },
      {
        "version": "4.1(2g)",
        "status": "affected"
      },
      {
        "version": "4.1(3f)",
        "status": "affected"
      },
      {
        "version": "4.1(2h)",
        "status": "affected"
      },
      {
        "version": "4.1(2j)",
        "status": "affected"
      },
      {
        "version": "4.1(2k)",
        "status": "affected"
      },
      {
        "version": "4.1(2l)",
        "status": "affected"
      },
      {
        "version": "4.1(3h)",
        "status": "affected"
      },
      {
        "version": "4.1(3i)",
        "status": "affected"
      },
      {
        "version": "4.1(3l)",
        "status": "affected"
      },
      {
        "version": "4.2(1a)",
        "status": "affected"
      },
      {
        "version": "4.2(1b)",
        "status": "affected"
      },
      {
        "version": "4.2(1c)",
        "status": "affected"
      },
      {
        "version": "4.2(1e)",
        "status": "affected"
      },
      {
        "version": "4.2(1f)",
        "status": "affected"
      },
      {
        "version": "4.2(1g)",
        "status": "affected"
      },
      {
        "version": "4.2(1i)",
        "status": "affected"
      },
      {
        "version": "4.2(1j)",
        "status": "affected"
      },
      {
        "version": "4.2(2a)",
        "status": "affected"
      },
      {
        "version": "4.2(2f)",
        "status": "affected"
      },
      {
        "version": "4.2(2g)",
        "status": "affected"
      },
      {
        "version": "4.2(3b)",
        "status": "affected"
      },
      {
        "version": "4.2(3d)",
        "status": "affected"
      },
      {
        "version": "4.2(3e)",
        "status": "affected"
      },
      {
        "version": "4.3(1.230097)",
        "status": "affected"
      },
      {
        "version": "4.3(1.230124)",
        "status": "affected"
      },
      {
        "version": "4.3(1.230138)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Computing System E-Series Software (UCSE)",
    "versions": [
      {
        "version": "2.1.0",
        "status": "affected"
      },
      {
        "version": "2.4.0",
        "status": "affected"
      },
      {
        "version": "2.4.1",
        "status": "affected"
      },
      {
        "version": "2.4.2",
        "status": "affected"
      },
      {
        "version": "3.2.1",
        "status": "affected"
      },
      {
        "version": "3.2.2",
        "status": "affected"
      },
      {
        "version": "3.2.3",
        "status": "affected"
      },
      {
        "version": "3.2.4",
        "status": "affected"
      },
      {
        "version": "3.2.6",
        "status": "affected"
      },
      {
        "version": "3.2.7",
        "status": "affected"
      },
      {
        "version": "3.2.10",
        "status": "affected"
      },
      {
        "version": "3.2.11.1",
        "status": "affected"
      },
      {
        "version": "3.2.8",
        "status": "affected"
      },
      {
        "version": "3.2.11.3",
        "status": "affected"
      },
      {
        "version": "3.2.11.5",
        "status": "affected"
      },
      {
        "version": "3.2.12.2",
        "status": "affected"
      },
      {
        "version": "3.2.13.6",
        "status": "affected"
      },
      {
        "version": "3.2.14",
        "status": "affected"
      },
      {
        "version": "3.1.1",
        "status": "affected"
      },
      {
        "version": "3.1.2",
        "status": "affected"
      },
      {
        "version": "3.1.3",
        "status": "affected"
      },
      {
        "version": "3.1.4",
        "status": "affected"
      },
      {
        "version": "3.1.5",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.0.1",
        "status": "affected"
      },
      {
        "version": "3.0.2",
        "status": "affected"
      },
      {
        "version": "2.3.1",
        "status": "affected"
      },
      {
        "version": "2.3.2",
        "status": "affected"
      },
      {
        "version": "2.3.3",
        "status": "affected"
      },
      {
        "version": "2.3.5",
        "status": "affected"
      },
      {
        "version": "2.2.1",
        "status": "affected"
      },
      {
        "version": "2.2.2",
        "status": "affected"
      },
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "2.10",
        "status": "affected"
      },
      {
        "version": "3.06",
        "status": "affected"
      },
      {
        "version": "3.02",
        "status": "affected"
      },
      {
        "version": "4.11.1",
        "status": "affected"
      }
    ]
  }
]
