Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-20256

MEDIUM
Published 2024-05-15T17:56:38.074Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-20256. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
4.8
/10
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.126
Higher than 12.6% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Cisco

Cisco Secure Web Appliance

Affected Versions:

11.7.0-406 11.7.0-418 11.7.1-049 11.7.1-006 11.7.1-020 11.7.2-011 11.8.0-414 11.8.1-023 11.8.3-018 11.8.3-021 12.0.1-268 12.0.3-007 12.5.2-007 12.5.1-011 12.5.4-005 12.5.5-004 12.5.6-008 14.5.0-498 14.5.1-016 14.0.3-014 14.0.2-012 14.0.4-005 15.0.0-322
Cisco

Cisco Secure Email and Web Manager

Affected Versions:

9.0.0-087 11.0.0-115 11.0.1-161 11.5.1-105 12.0.0-452 12.0.1-011 12.5.0-636 12.5.0-658 12.5.0-678 12.5.0-670 13.0.0-277 13.6.2-078 13.8.1-068 13.8.1-074 13.8.1-108 12.8.1-002 12.8.1-021 14.0.0-404 14.1.0-223 14.1.0-227 14.2.0-212 14.2.0-224 14.2.1-020 14.3.0-120 15.0.0-334

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-26f5-24g6-27vm

Advisory Details

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-20256
WEB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD

Advisory provided by GitHub Security Advisory Database. Published: May 15, 2024, Modified: May 15, 2024

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD
Published: 2024-05-15T17:56:38.074Z
Last Modified: 2024-08-15T15:29:20.282Z
Copied to clipboard!