mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 11:11:27 +00:00
159 lines
6.0 KiB
JSON
159 lines
6.0 KiB
JSON
{
|
|
"id": "CVE-2023-20058",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2023-01-20T07:15:17.633",
|
|
"lastModified": "2023-02-06T19:09:29.170",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "9.0\\(1\\)",
|
|
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
|
|
"matchCriteriaId": "B5AC23CF-847A-4946-9338-DAE9DCF4FD36"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.5\\(1\\)_su2",
|
|
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
|
|
"matchCriteriaId": "71026A7F-73E9-4A9B-9189-D10130B09D0B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "12.5\\(1\\)_es02",
|
|
"matchCriteriaId": "5515B7B0-0E16-4284-B6BF-1790E78699E0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.5\\(2\\)",
|
|
"versionEndExcluding": "12.6\\(1\\)_es06",
|
|
"matchCriteriaId": "E1C3570C-01E5-43D6-B416-B10F3AB2C73D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.6\\(1\\)",
|
|
"versionEndExcluding": "12.6\\(1\\)_es06",
|
|
"matchCriteriaId": "49442B0B-5847-444F-B19D-9CCE29CBDF6F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
|
|
"matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.5\\(1\\)_su2",
|
|
"versionEndExcluding": "12.5\\(1\\)_su2_es05",
|
|
"matchCriteriaId": "5C6F0F5F-0628-4D64-83AB-9ECAEB993340"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "12.5\\(1\\)_es02",
|
|
"matchCriteriaId": "3A75793A-2FEB-4E2F-9BCF-3339D17DD551"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.6\\(1\\)",
|
|
"versionEndExcluding": "12.6\\(1\\)_es06",
|
|
"matchCriteriaId": "F0D850FC-1E64-4766-851E-7928B5F58FCF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.6\\(1\\)_es2",
|
|
"versionEndExcluding": "12.6\\(1\\)_es06",
|
|
"matchCriteriaId": "3FF76CFD-E98A-4494-AEA0-D3917F0CF607"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |