CVE-2024-20475

Severity: Medium
CVSS 3.1: 5.4
EPSS: 23.1%
Published: Sep 25, 2024
Last Modified: Jun 17, 2026

Description

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

CVSS Details

Base Score: 5.4
Exploitability: 2.3
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 23.1% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 102

Vendor | Product | Version | Range
cisco | catalyst_sd-wan_manager | 20.6.0.18.3 | any
cisco | catalyst_sd-wan_manager | 20.6.0.18.4 | any
cisco | catalyst_sd-wan_manager | 20.6.1 | any
cisco | catalyst_sd-wan_manager | 20.6.1.0.1 | any
cisco | catalyst_sd-wan_manager | 20.6.1.1 | any
cisco | catalyst_sd-wan_manager | 20.6.1.2 | any
cisco | catalyst_sd-wan_manager | 20.6.2 | any
cisco | catalyst_sd-wan_manager | 20.6.2.0.4 | any
cisco | catalyst_sd-wan_manager | 20.6.2.1 | any
cisco | catalyst_sd-wan_manager | 20.6.2.2 | any
cisco | catalyst_sd-wan_manager | 20.6.2.2.2 | any
cisco | catalyst_sd-wan_manager | 20.6.2.2.3 | any
cisco | catalyst_sd-wan_manager | 20.6.2.2.4 | any
cisco | catalyst_sd-wan_manager | 20.6.2.2.7 | any
cisco | catalyst_sd-wan_manager | 20.6.3 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.2 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.5 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.7 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.10 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.11 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.14 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.18 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.19 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.23 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.25 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.27 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.29 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.33 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.39 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.40 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.47 | any
cisco | catalyst_sd-wan_manager | 20.6.3.0.51 | any
cisco | catalyst_sd-wan_manager | 20.6.3.1.1 | any
cisco | catalyst_sd-wan_manager | 20.6.3.2 | any
cisco | catalyst_sd-wan_manager | 20.6.3.3 | any
cisco | catalyst_sd-wan_manager | 20.6.3.4 | any
cisco | catalyst_sd-wan_manager | 20.6.4.0.19 | any
cisco | catalyst_sd-wan_manager | 20.6.4.1 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1.5 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1.7 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1.10 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1.11 | any
cisco | catalyst_sd-wan_manager | 20.6.5.1.14 | any
cisco | catalyst_sd-wan_manager | 20.6.5.2 | any
cisco | catalyst_sd-wan_manager | 20.6.5.2.3 | any
cisco | catalyst_sd-wan_manager | 20.6.5.2.4 | any
cisco | catalyst_sd-wan_manager | 20.6.5.4 | any
cisco | catalyst_sd-wan_manager | 20.6.6.0.1 | any
cisco | catalyst_sd-wan_manager | 20.6.7 | any
cisco | catalyst_sd-wan_manager | 20.7.1 | any
cisco | catalyst_sd-wan_manager | 20.7.1.0.2 | any
cisco | catalyst_sd-wan_manager | 20.7.1.1 | any
cisco | catalyst_sd-wan_manager | 20.7.1eft2 | any
cisco | catalyst_sd-wan_manager | 20.7.2 | any
cisco | catalyst_sd-wan_manager | 20.8.1 | any
cisco | catalyst_sd-wan_manager | 20.9.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.2.2 | any
cisco | catalyst_sd-wan_manager | 20.9.2.3 | any
cisco | catalyst_sd-wan_manager | 20.9.3 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.3 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.4 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.12 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.18 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.21 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.23 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.24 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.25 | any
cisco | catalyst_sd-wan_manager | 20.9.3.0.26 | any
cisco | catalyst_sd-wan_manager | 20.9.3_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.4 | any
cisco | catalyst_sd-wan_manager | 20.9.4.0.4 | any
cisco | catalyst_sd-wan_manager | 20.9.4.1 | any
cisco | catalyst_sd-wan_manager | 20.9.4.1.1 | any
cisco | catalyst_sd-wan_manager | 20.9.4.1.3 | any
cisco | catalyst_sd-wan_manager | 20.9.4.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.4_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.5 | any
cisco | catalyst_sd-wan_manager | 20.9.5.1 | any
cisco | catalyst_sd-wan_manager | 20.9.5.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.5.2_li_images | any
cisco | catalyst_sd-wan_manager | 20.9.5_li_images | any
cisco | catalyst_sd-wan_manager | 20.10.1 | any
cisco | catalyst_sd-wan_manager | 20.10.1.1 | any
cisco | catalyst_sd-wan_manager | 20.10.1.2 | any
cisco | catalyst_sd-wan_manager | 20.10.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.11.1 | any
cisco | catalyst_sd-wan_manager | 20.11.1.1 | any
cisco | catalyst_sd-wan_manager | 20.11.1.2 | any
cisco | catalyst_sd-wan_manager | 20.11.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.12.1 | any
cisco | catalyst_sd-wan_manager | 20.12.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.12.2 | any
cisco | catalyst_sd-wan_manager | 20.12.2_li_images | any
cisco | catalyst_sd-wan_manager | 20.12.3 | any
cisco | catalyst_sd-wan_manager | 20.12.3.1 | any
cisco | catalyst_sd-wan_manager | 20.12.3_li_images | any
cisco | catalyst_sd-wan_manager | 20.12.4 | any
cisco | catalyst_sd-wan_manager | 20.13.1 | any
cisco | catalyst_sd-wan_manager | 20.13.1_li_images | any
cisco | catalyst_sd-wan_manager | 20.14.1 | any
cisco | catalyst_sd-wan_manager | 20.14.1_li_images | any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.