Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-20119

Disclosure Date: June 21, 2023 •

CVE-2023-20119 CVSS v3 Base Score: 6.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.1 Medium

Impact Score:

2.7

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Changed

Confidentiality (C):

Low

Integrity (I):

Low

Availability (A):

None

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco Secure Email and Web Manager 11.0.0-115

Cisco Secure Email and Web Manager 11.0.1-161

Cisco Secure Email and Web Manager 11.5.1-105

Cisco Secure Email and Web Manager 12.0.0-452

Cisco Secure Email and Web Manager 12.0.1-011

Cisco Secure Email and Web Manager 12.5.0-636

Cisco Secure Email and Web Manager 12.5.0-658

Cisco Secure Email and Web Manager 12.5.0-678

Cisco Secure Email and Web Manager 12.5.0-670

Cisco Secure Email and Web Manager 13.0.0-277

Cisco Secure Email and Web Manager 13.6.2-078

Cisco Secure Email and Web Manager 13.8.1-068

Cisco Secure Email and Web Manager 13.8.1-074

Cisco Secure Email and Web Manager 13.8.1-108

Cisco Secure Email and Web Manager 12.8.1-002

Cisco Secure Email and Web Manager 12.8.1-021

Cisco Secure Email and Web Manager 14.0.0-404

Cisco Secure Email and Web Manager 14.1.0-223

Cisco Secure Email and Web Manager 14.1.0-227

Cisco Secure Email and Web Manager 14.2.0-212

Cisco Secure Email and Web Manager 14.2.0-224

Cisco Secure Email and Web Manager 14.2.1-020

Cisco Secure Email and Web Manager 14.3.0-120

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

cisco

Products

References

Canonical

CVE-2023-20119 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20119)

Advisory

20230621 Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq)

Rapid7

Unknown

CVE-2023-20119

Unknown

Unknown

Required

None

Network

CVE-2023-20119

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2023-20119

Unknown

Unknown

Required

None

Network

CVE-2023-20119

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification