Vulnerability-Lookup

CVE-2023-20058 (GCVE-0-2023-20058)

Vulnerability from cvelistv5 – Published: 2023-01-19 01:38 – Updated: 2024-10-25 16:04

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco Unified Contact Center Enterprise

Affected: N/A

Cisco	Cisco Unified Contact Center Express	Affected: 11.0(1)SU1 Affected: 12.0(1) Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 11.6(1) Affected: 11.6(2)
Cisco	Cisco Unified Intelligence Center	Affected: 11.0(1) Affected: 11.5(1) Affected: 11.6(1) Affected: 12.0(1) Affected: 12.5(1) Affected: 12.5(1)SU Affected: 12.6(1)
Cisco	Cisco Packaged Contact Center Enterprise	Affected: 11.6(1) Affected: 11.6(2) Affected: 12.0(1) Affected: 12.5(1) Affected: 12.5(2) Affected: 12.6(1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cuis-xss-Omm8jyBX",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:44.382026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:04:17.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            }
          ]
        },
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        },
        {
          "product": "Cisco Packaged Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "cvssV3_0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:39.867Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-xss-Omm8jyBX",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
        "defects": [
          "CSCwc84104"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20058",
    "datePublished": "2023-01-19T01:38:26.055Z",
    "dateReserved": "2022-10-27T18:47:50.320Z",
    "dateUpdated": "2024-10-25T16:04:17.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-01-25T16:57:39.867Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\\r\\n\\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.\"}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Enterprise\", \"versions\": [{\"version\": \"N/A\", \"status\": \"affected\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Express\", \"versions\": [{\"version\": \"11.0(1)SU1\", \"status\": \"affected\"}, {\"version\": \"12.0(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(1)SU1\", \"status\": \"affected\"}, {\"version\": \"12.5(1)SU2\", \"status\": \"affected\"}, {\"version\": \"11.6(1)\", \"status\": \"affected\"}, {\"version\": \"11.6(2)\", \"status\": \"affected\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Intelligence Center\", \"versions\": [{\"version\": \"11.0(1)\", \"status\": \"affected\"}, {\"version\": \"11.5(1)\", \"status\": \"affected\"}, {\"version\": \"11.6(1)\", \"status\": \"affected\"}, {\"version\": \"12.0(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(1)SU\", \"status\": \"affected\"}, {\"version\": \"12.6(1)\", \"status\": \"affected\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Packaged Contact Center Enterprise\", \"versions\": [{\"version\": \"11.6(1)\", \"status\": \"affected\"}, {\"version\": \"11.6(2)\", \"status\": \"affected\"}, {\"version\": \"12.0(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(1)\", \"status\": \"affected\"}, {\"version\": \"12.5(2)\", \"status\": \"affected\"}, {\"version\": \"12.6(1)\", \"status\": \"affected\"}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\", \"type\": \"cwe\", \"cweId\": \"CWE-79\"}]}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX\", \"name\": \"cisco-sa-cuis-xss-Omm8jyBX\"}], \"metrics\": [{\"format\": \"cvssV3_0\", \"cvssV3_0\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"source\": {\"advisory\": \"cisco-sa-cuis-xss-Omm8jyBX\", \"discovery\": \"EXTERNAL\", \"defects\": [\"CSCwc84104\"]}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:57:35.869Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX\", \"name\": \"cisco-sa-cuis-xss-Omm8jyBX\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20058\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-25T14:36:44.382026Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T14:41:21.642Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-20058\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"cisco\", \"dateReserved\": \"2022-10-27T18:47:50.320Z\", \"datePublished\": \"2023-01-19T01:38:26.055Z\", \"dateUpdated\": \"2024-10-25T16:04:17.660Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2023-20058

Vulnerability from fstec - Published: 11.01.2023

Title

Уязвимость веб-интерфейса администрирования программного средства для создания отчетов Cisco Unified Intelligence Center, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Description

Уязвимость веб-интерфейса администрирования программного средства для создания отчетов Cisco Unified Intelligence Center существует из-за непринятия мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга (XSS)

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Unified Intelligence Center, Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Express

Software Version

до 12.5(1) ES02 (Unified Intelligence Center), от 12.6(1) до 12.6(1) ES06 (Unified Intelligence Center), от 12.6(1) ES2 до 12.6(1) ES06 (Unified Intelligence Center), до 12.5(1) SU2 ES05 (Cisco Packaged Contact Center Enterprise), от 12.5(1) SU2 до 12.5(1) SU2 ES05 (Cisco Packaged Contact Center Enterprise), до 12.5(1) ES02 (Cisco Unified Contact Center Express), от 12.5(2) до 12.6(1) ES06 (Cisco Unified Contact Center Express), от 12.6(1) до 12.6(1) ES06 (Cisco Unified Contact Center Express), до 12.5(1) SU2 ES05 (Cisco Unified Contact Center Express), от 12.5(1) SU2 до 12.5(1) SU2 ES05 (Cisco Unified Contact Center Express)

Possible Mitigations

Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX https://vuldb.com/ru/?id.218025

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.5(1) ES02 (Unified Intelligence Center), \u043e\u0442 12.6(1) \u0434\u043e 12.6(1) ES06 (Unified Intelligence Center), \u043e\u0442 12.6(1) ES2 \u0434\u043e 12.6(1) ES06 (Unified Intelligence Center), \u0434\u043e 12.5(1) SU2 ES05 (Cisco Packaged Contact Center Enterprise), \u043e\u0442 12.5(1) SU2 \u0434\u043e 12.5(1) SU2 ES05 (Cisco Packaged Contact Center Enterprise), \u0434\u043e 12.5(1) ES02 (Cisco Unified Contact Center Express), \u043e\u0442 12.5(2) \u0434\u043e 12.6(1) ES06 (Cisco Unified Contact Center Express), \u043e\u0442 12.6(1) \u0434\u043e 12.6(1) ES06 (Cisco Unified Contact Center Express), \u0434\u043e 12.5(1) SU2 ES05 (Cisco Unified Contact Center Express), \u043e\u0442 12.5(1) SU2 \u0434\u043e 12.5(1) SU2 ES05 (Cisco Unified Contact Center Express)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.03.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01110",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20058",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Unified Intelligence Center, Cisco Packaged Contact Center Enterprise, Cisco Unified Contact Center Express",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u043e\u0432 Cisco Unified Intelligence Center, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0442\u0447\u0435\u0442\u043e\u0432 Cisco Unified Intelligence Center \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 (XSS)",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX\nhttps://vuldb.com/ru/?id.218025",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

GSD-2023-20058

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-20058

Aliases

CVE-2023-20058

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-20058",
    "id": "GSD-2023-20058"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-20058"
      ],
      "details": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      "id": "GSD-2023-20058",
      "modified": "2023-12-13T01:20:28.908055Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2023-20058",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Unified Contact Center Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "N/A"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cisco Unified Contact Center Express",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "11.0(1)SU1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.0(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)SU1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)SU2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.6(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.6(2)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cisco Unified Intelligence Center",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "11.0(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.5(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.6(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.0(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)SU"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.6(1)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cisco Packaged Contact Center Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "11.6(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "11.6(2)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.0(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(1)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.5(2)"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "12.6(1)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
          }
        ]
      },
      "exploit": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX",
            "refsource": "MISC",
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
        "defects": [
          "CSCwc84104"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B5AC23CF-847A-4946-9338-DAE9DCF4FD36",
                    "versionEndExcluding": "12.5\\(1\\)_su2_es05",
                    "versionStartIncluding": "9.0\\(1\\)",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "71026A7F-73E9-4A9B-9189-D10130B09D0B",
                    "versionEndExcluding": "12.5\\(1\\)_su2_es05",
                    "versionStartIncluding": "12.5\\(1\\)_su2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5515B7B0-0E16-4284-B6BF-1790E78699E0",
                    "versionEndExcluding": "12.5\\(1\\)_es02",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E1C3570C-01E5-43D6-B416-B10F3AB2C73D",
                    "versionEndExcluding": "12.6\\(1\\)_es06",
                    "versionStartIncluding": "12.5\\(2\\)",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "49442B0B-5847-444F-B19D-9CCE29CBDF6F",
                    "versionEndExcluding": "12.6\\(1\\)_es06",
                    "versionStartIncluding": "12.6\\(1\\)",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA",
                    "versionEndExcluding": "12.5\\(1\\)_su2_es05",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5C6F0F5F-0628-4D64-83AB-9ECAEB993340",
                    "versionEndExcluding": "12.5\\(1\\)_su2_es05",
                    "versionStartIncluding": "12.5\\(1\\)_su2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3A75793A-2FEB-4E2F-9BCF-3339D17DD551",
                    "versionEndExcluding": "12.5\\(1\\)_es02",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F0D850FC-1E64-4766-851E-7928B5F58FCF",
                    "versionEndExcluding": "12.6\\(1\\)_es06",
                    "versionStartIncluding": "12.6\\(1\\)",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3FF76CFD-E98A-4494-AEA0-D3917F0CF607",
                    "versionEndExcluding": "12.6\\(1\\)_es06",
                    "versionStartIncluding": "12.6\\(1\\)_es2",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
          }
        ],
        "id": "CVE-2023-20058",
        "lastModified": "2024-01-25T17:15:28.070",
        "metrics": {
          "cvssMetricV30": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "ykramarz@cisco.com",
              "type": "Secondary"
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-01-20T07:15:17.633",
        "references": [
          {
            "source": "ykramarz@cisco.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
          }
        ],
        "sourceIdentifier": "ykramarz@cisco.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "ykramarz@cisco.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-20058

Vulnerability from fkie_nvd - Published: 2023-01-20 07:15 - Updated: 2024-11-21 07:40

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	packaged_contact_center_enterprise	*
cisco	packaged_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_express	*
cisco	unified_contact_center_express	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AC23CF-847A-4946-9338-DAE9DCF4FD36",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "9.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71026A7F-73E9-4A9B-9189-D10130B09D0B",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "12.5\\(1\\)_su2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5515B7B0-0E16-4284-B6BF-1790E78699E0",
              "versionEndExcluding": "12.5\\(1\\)_es02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C3570C-01E5-43D6-B416-B10F3AB2C73D",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49442B0B-5847-444F-B19D-9CCE29CBDF6F",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6F0F5F-0628-4D64-83AB-9ECAEB993340",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "12.5\\(1\\)_su2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A75793A-2FEB-4E2F-9BCF-3339D17DD551",
              "versionEndExcluding": "12.5\\(1\\)_es02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D850FC-1E64-4766-851E-7928B5F58FCF",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF76CFD-E98A-4494-AEA0-D3917F0CF607",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)_es2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
    }
  ],
  "id": "CVE-2023-20058",
  "lastModified": "2024-11-21T07:40:27.327",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-20T07:15:17.633",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J34C-3GP7-29JP

Vulnerability from github – Published: 2023-01-20 09:30 – Updated: 2023-02-06 21:30

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-20058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-20T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
  "id": "GHSA-j34c-3gp7-29jp",
  "modified": "2023-02-06T21:30:34Z",
  "published": "2023-01-20T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20058"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-20058 (GCVE-0-2023-20058)

CVE-2023-20058

GSD-2023-20058

FKIE_CVE-2023-20058

GHSA-J34C-3GP7-29JP

Tags

Sightings

Nomenclature