CVE-2024-20392

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published May 15, 2024

CWE ID 113

Summary

CVE-2024-20392 is a vulnerability affecting the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway. An unauthenticated, remote attacker can exploit this issue through HTTP response splitting, caused by insufficient input validation of certain parameters. By persuading a user to click on a maliciously crafted link, an attacker can execute cross-site scripting (XSS) attacks, leading to the execution of arbitrary script code in the user's browser, or gain access to sensitive, browser-based information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v8lY5T
https://www.cve.org/CVERecord?id=CVE-2024-20392
https://nvd.nist.gov/vuln/detail/CVE-2024-20392

Back to Vulnerability Database

CVE-2024-20392

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations