CVE-2020-3420 — Vulnetix

CVE-2020-3420 PUBLISHED CVSS 5.400000095367432 MEDIUM

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability.

EPSS 0.13% · 31.8th percentile

Risk Scores

CVSS 3.0

5.400000095367432

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

EPSS Score

0.13%

31.8th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_communications_manager
Cisco	Cisco Unified Communications Manager	N/A

Exploit Intelligence

CIRCL seen: CVE-2020-3420 (circl-sighting)
cisco-sa-cucm-xss-bLZw4Ctq (circl)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3 (circl)

Timeline

Nov 18, 2024 CVE Published
Nov 18, 2024 CVE Updated
Nov 19, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 11, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 15, 2025 EPSS Score
Mar 5, 2025 EPSS Score
Mar 22, 2025 EPSS Score
Apr 9, 2025 EPSS Score
Apr 26, 2025 EPSS Score

References

Open in Interactive Console →