CVE-2024-20504
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/11/2024
Last modified:
07/08/2025
Description
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.<br />
<br />
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:asyncos:14.0.0-698:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:14.2.0-620:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:14.2.1-020:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:14.3.0-032:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:15.0.0-104:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:15.0.1-030:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:15.5.0-048:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:15.5.1-055:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:secure_email_gateway_c195:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:secure_email_gateway_c395:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:secure_email_gateway_c695:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:14.0.0-404:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page