Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-20504

MEDIUM
Published 2024-11-06T16:29:37.791Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-20504. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
5.4
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.138
Higher than 13.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Cisco

Cisco Secure Email

Affected Versions:

14.0.0-698 14.2.0-620 14.2.1-020 14.3.0-032 15.0.0-104 15.0.1-030 15.5.0-048 15.5.1-055
Cisco

Cisco Secure Email and Web Manager

Affected Versions:

14.0.0-404 14.1.0-223 14.1.0-227 14.2.0-212 14.2.0-224 14.2.1-020 14.3.0-120 15.0.0-334 15.5.1-024 15.5.1-029
Cisco

Cisco Secure Web Appliance

Affected Versions:

14.1.0-032 14.1.0-047 14.1.0-041 14.0.2-012 14.5.0-498 14.0.3-014 14.0.4-005 14.5.1-008 14.5.1-016 15.0.0-355 15.0.0-322 15.1.0-287 14.5.2-011 15.2.0-116 14.0.5-007 15.2.0-164 14.5.1-510 14.5.1-607 14.5.3-033

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-r49w-9hvc-8fg7

Advisory Details

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-20504
WEB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n

Advisory provided by GitHub Security Advisory Database. Published: November 6, 2024, Modified: November 6, 2024

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n
Published: 2024-11-06T16:29:37.791Z
Last Modified: 2024-11-06T17:05:40.097Z
Copied to clipboard!