CVE-2024-20540

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 79

Summary

CVE-2024-20540 is a newly disclosed vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP). It allows an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against users of the interface. The root cause is that the interface does not adequately validate user-supplied input. An attacker can exploit the flaw by injecting malicious code into a specific portal page, potentially gaining the ability to run arbitrary script code or obtain sensitive browser-based information. To exploit this vulnerability, an attacker must possess at least a Supervisor role on a targeted device.


Affected Products

  • Cisco Unified Contact Center Management Portal

Affected Vendors

  • Cisco Systems Inc