Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-20367

Disclosure Date: April 03, 2024 •

CVE-2024-20367

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco Enterprise Chat and Email 11.5(1)

Cisco Enterprise Chat and Email 11.6(1)

Cisco Enterprise Chat and Email 11.6(1)_ES2

Cisco Enterprise Chat and Email 11.6(1)_ES3

Cisco Enterprise Chat and Email 11.6(1)_ES4

Cisco Enterprise Chat and Email 11.6(1)_ES5

Cisco Enterprise Chat and Email 11.6(1)_ES6

Cisco Enterprise Chat and Email 11.6(1)_ES10

Cisco Enterprise Chat and Email 11.6(1)_ES11

Cisco Enterprise Chat and Email 11.6(1)_ES7

Cisco Enterprise Chat and Email 11.6(1)_ES8

Cisco Enterprise Chat and Email 11.6(1)_ES9

Cisco Enterprise Chat and Email 11.6(1)_ES9a

Cisco Enterprise Chat and Email 11.6(1)_ES12

Cisco Enterprise Chat and Email 12.0(1)

Cisco Enterprise Chat and Email 12.0(1)_ES1

Cisco Enterprise Chat and Email 12.0(1)_ES2

Cisco Enterprise Chat and Email 12.0(1)_ES3

Cisco Enterprise Chat and Email 12.0(1)_ES4

Cisco Enterprise Chat and Email 12.0(1)_ES5

Cisco Enterprise Chat and Email 12.0(1)_ES5a

Cisco Enterprise Chat and Email 12.0(1)_ES6

Cisco Enterprise Chat and Email 12.0(1)_ES6_ET1

Cisco Enterprise Chat and Email 12.0(1)_ES6_ET2

Cisco Enterprise Chat and Email 12.0(1)_ES6_ET3

Cisco Enterprise Chat and Email 12.0(1)_ES7

Cisco Enterprise Chat and Email 12.0(1)_ES7_ET1

Cisco Enterprise Chat and Email 12.5(1)

Cisco Enterprise Chat and Email 12.5(1)_ES1

Cisco Enterprise Chat and Email 12.5(1)_ES2

Cisco Enterprise Chat and Email 12.5(1)_ES3

Cisco Enterprise Chat and Email 12.5(1)_ES3_ET1

Cisco Enterprise Chat and Email 12.5(1)_ET1

Cisco Enterprise Chat and Email 12.5(1)_ES4

Cisco Enterprise Chat and Email 12.5(1)_ES3_ET2

Cisco Enterprise Chat and Email 12.5(1)_ES4_ET1

Cisco Enterprise Chat and Email 12.5(1)_ES5

Cisco Enterprise Chat and Email 12.5(1)_ES5_ET1

Cisco Enterprise Chat and Email 12.5(1)_ES6

Cisco Enterprise Chat and Email 12.5(1)_ES7

Cisco Enterprise Chat and Email 12.5(1)_ES8

Cisco Enterprise Chat and Email 12.6(1)

Cisco Enterprise Chat and Email 12.6(1)_ET1

Cisco Enterprise Chat and Email 12.6(1)_ET2

Cisco Enterprise Chat and Email 12.6(1)_ES1

Cisco Enterprise Chat and Email 12.6(1)_ET3

Cisco Enterprise Chat and Email 12.6(1)_ES1_ET1

Cisco Enterprise Chat and Email 12.6(1)_ES2

Cisco Enterprise Chat and Email 12.6(1)_ES3

Cisco Enterprise Chat and Email 12.6(1)_ES4

Cisco Enterprise Chat and Email 12.6(1)_ES4_ET1

Cisco Enterprise Chat and Email 12.6(1)_ES5

Cisco Enterprise Chat and Email 12.6(1)_ES5_ET1

Cisco Enterprise Chat and Email 12.6(1)_ES5_ET2

Cisco Enterprise Chat and Email 12.6(1)_ES6

Cisco Enterprise Chat and Email 12.6(1)_ES6_ET1

Cisco Enterprise Chat and Email 12.6(1)_ES6_ET2

Cisco Enterprise Chat and Email 12.6_ES2_ET1

Cisco Enterprise Chat and Email 12.6_ES2_ET2

Cisco Enterprise Chat and Email 12.6_ES2_ET3

Cisco Enterprise Chat and Email 12.6_ES2_ET4

Cisco Enterprise Chat and Email 12.6_ES3_ET1

Cisco Enterprise Chat and Email 12.6_ES3_ET2

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Cisco

Products

Cisco Enterprise Chat and Email

References

Canonical

CVE-2024-20367 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20367)

Miscellaneous

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM

Rapid7

Unknown

CVE-2024-20367

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-20367

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-20367

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-20367

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification