2023-08-16 22:00:29 +00:00
{
"id" : "CVE-2023-20228" ,
"sourceIdentifier" : "ykramarz@cisco.com" ,
"published" : "2023-08-16T21:15:09.737" ,
2023-08-31 16:00:28 +00:00
"lastModified" : "2023-08-31T15:01:26.960" ,
"vulnStatus" : "Analyzed" ,
2023-08-16 22:00:29 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-08-31 16:00:28 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
} ,
2023-08-16 22:00:29 +00:00
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
}
]
} ,
2023-08-31 16:00:28 +00:00
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:encs_5100_firmware:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.2" ,
"versionEndExcluding" : "3.2.15.1" ,
"matchCriteriaId" : "3BFE88BB-D139-4118-A301-66381FE360D8"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "678F3A32-372A-441E-8115-95181FBAF628"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:encs_5400_firmware:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.2" ,
"versionEndExcluding" : "3.2.15.1" ,
"matchCriteriaId" : "50E1F7BF-6F2E-4664-BF11-757645A5F209"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "01AE8153-6C23-46AB-BEAA-A6F27FDFEED7"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ucs_c220_m5_rack_server_firmware:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.2" ,
"versionEndExcluding" : "4.3.2.230207" ,
"matchCriteriaId" : "03CC45CE-28B1-4901-859D-98DC10E80B8D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:ucs_c220_m5_rack_server:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B92DFE16-D552-4A12-B4EB-7B0713634182"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ucs_e160s_m3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.15.1" ,
"matchCriteriaId" : "A589EC14-2996-4D01-9323-696FC51982EB"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:ucs_e160s_m3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4CBB5AD3-0BBA-4908-AEB7-5402AB48E628"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ucs_e180d_m3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.15.1" ,
"matchCriteriaId" : "21C26B22-9630-4891-9103-E393060F0D9B"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:ucs_e180d_m3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C14DE1B6-A8E0-4267-8FE8-45756051ED4C"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ucs-e1120d-m3_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.2.15.1" ,
"matchCriteriaId" : "2DAC4D5D-4AEA-4427-B855-D73E722BC59C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DF77273F-73C0-40EB-BB4E-75269D46F074"
}
]
}
]
}
] ,
2023-08-16 22:00:29 +00:00
"references" : [
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr" ,
2023-08-31 16:00:28 +00:00
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Vendor Advisory"
]
2023-08-16 22:00:29 +00:00
}
]
}