CVE-2024-20514

Summary

CVE-2024-20514 is a stored cross-site scripting (XSS) vulnerability affecting the web-based management interfaces of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure. An authenticated, low-privileged attacker can exploit this issue by injecting malicious code into a specific page of the interface. The vulnerability stems from the interface's failure to properly validate user-supplied input. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or gain access to sensitive browser-based information. To exploit this vulnerability, the attacker requires at least a low-privileged account on an affected device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.