CVE-2024-20512
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
EPSS 0.45% · 63.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Contact Center Management Portal | 12.6(1)_ES12, 12.6(1)_ES7, 12.6(1)_ES8 |
| cisco | unified_contact_center_management_portal | 12.6, 12.6, 12.6 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20512 (circl-sighting)
- cisco-sa-ccmpdm-rxss-tAX76U3k (circl)
Timeline
- Oct 16, 2024 Coalition ESS Score
- Oct 16, 2024 CVE Published
- Oct 16, 2024 PoC Published
- Oct 17, 2024 EPSS Score
- Oct 18, 2024 Coalition ESS Score
- Nov 5, 2024 EPSS Score
- Nov 6, 2024 Coalition ESS Score
- Nov 7, 2024 CVE Updated
- Nov 23, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
- Jan 19, 2025 EPSS Score