CVE-2023-20028

Published Jun 28, 2023

Last updated a year ago

CVSS medium 5.4

Overview

Description: Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
ykramarz@cisco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91A23056-1521-4982-8F4D-BCDB6F9E98EE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9897B99-0295-4D4D-8EE7-88FB5BC97123"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286B37A2-A7B1-44D9-A2BD-56F9C26195A7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3774F588-98E5-4197-B858-FF83B5838265"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99A048C2-7352-4ED5-990F-95467AAB022C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02212FE3-CEE6-4609-B9AE-CD228F4ADFFC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0DB52EF-1542-4665-AC44-F1E3B074B615"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "615DD221-9200-41D1-9DAF-CC8BEB67342C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AEA665F-86B3-4AA6-9E99-6F935264222A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988AAD9A-B4FD-42C5-B222-53A4E69CE87E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A694B4F-D454-405B-B620-A899543DA2E8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB812B1F-3E7E-4AD6-9AA3-241B957A0047"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDE6AB7B-561D-4D50-907B-605CD0649A98"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B71B523B-95F6-463F-B96B-9C301B6FFA9B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DFDA027-9BED-4DB5-804D-A192FF8138CF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References