CVE-2024-20310

Published: Apr 3, 2024Modified: Aug 1, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Affected (44)

Products: Cisco: Unified Communications Manager Im And Presence Service

Cisco

1 product

Unified Communications Manager Im And Presence Service

Configuration A

44 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su2a
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su3
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su4
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su4a
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2a)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2b)
Cisco Unified Communications Manager Im And Presence Service	Version 11.0(1)
Cisco Unified Communications Manager Im And Presence Service	Version 11.0(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su10
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su11
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su3a
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su4
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su5
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su5a
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su6
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su7
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su8
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su9
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su4
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su5
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su6
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su7
Cisco Unified Communications Manager Im And Presence Service	Version 14.0
Cisco Unified Communications Manager Im And Presence Service	Version 14.0su1
Cisco Unified Communications Manager Im And Presence Service	Version 14.0su2
Cisco Unified Communications Manager Im And Presence Service	Version 14.0su2a

Related CWEs

CWE-23

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.