CVE-2024-20270

Summary

CVE-2024-20270 is a stored cross-site scripting (XSS) vulnerability affecting the web-based management interfaces of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. This issue allows authenticated, remote attackers to inject malicious scripts into a user's session, which could be executed when the user clicks a specially crafted link. Successful exploitation may grant the attacker the ability to execute arbitrary script code within the interface or access sensitive browser-based information. The vulnerability stems from the interfaces' failure to properly validate user-supplied input.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.