CVE-2023-20058
Published Jan 20, 2023
Last updated 10 months ago
Overview
- Description
- A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5AC23CF-847A-4946-9338-DAE9DCF4FD36",
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
"versionStartIncluding": "9.0\\(1\\)"
},
{
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71026A7F-73E9-4A9B-9189-D10130B09D0B",
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
"versionStartIncluding": "12.5\\(1\\)_su2"
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5515B7B0-0E16-4284-B6BF-1790E78699E0",
"versionEndExcluding": "12.5\\(1\\)_es02"
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1C3570C-01E5-43D6-B416-B10F3AB2C73D",
"versionEndExcluding": "12.6\\(1\\)_es06",
"versionStartIncluding": "12.5\\(2\\)"
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49442B0B-5847-444F-B19D-9CCE29CBDF6F",
"versionEndExcluding": "12.6\\(1\\)_es06",
"versionStartIncluding": "12.6\\(1\\)"
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA",
"versionEndExcluding": "12.5\\(1\\)_su2_es05"
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C6F0F5F-0628-4D64-83AB-9ECAEB993340",
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
"versionStartIncluding": "12.5\\(1\\)_su2"
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A75793A-2FEB-4E2F-9BCF-3339D17DD551",
"versionEndExcluding": "12.5\\(1\\)_es02"
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0D850FC-1E64-4766-851E-7928B5F58FCF",
"versionEndExcluding": "12.6\\(1\\)_es06",
"versionStartIncluding": "12.6\\(1\\)"
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FF76CFD-E98A-4494-AEA0-D3917F0CF607",
"versionEndExcluding": "12.6\\(1\\)_es06",
"versionStartIncluding": "12.6\\(1\\)_es2"
}
],
"operator": "OR"
}
]
}
]