Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20504

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Published

2024-11-06T17:15:16.053

Last Modified

2025-08-07T19:08:29.290

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-80

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	asyncos	14.0.0-698	Yes
Operating System	cisco	asyncos	14.2.0-620	Yes
Operating System	cisco	asyncos	14.2.1-020	Yes
Operating System	cisco	asyncos	14.3.0-032	Yes
Operating System	cisco	asyncos	15.0.0-104	Yes
Operating System	cisco	asyncos	15.0.1-030	Yes
Operating System	cisco	asyncos	15.5.0-048	Yes
Operating System	cisco	asyncos	15.5.1-055	Yes
Application	cisco	secure_email_gateway_virtual_appliance_c100v	-	No
Application	cisco	secure_email_gateway_virtual_appliance_c300v	-	No
Application	cisco	secure_email_gateway_virtual_appliance_c600v	-	No
Hardware	cisco	secure_email_gateway_c195	-	No
Hardware	cisco	secure_email_gateway_c395	-	No
Hardware	cisco	secure_email_gateway_c695	-	No
Operating System	cisco	asyncos	14.0.0-404	Yes
Operating System	cisco	asyncos	14.1.0-223	Yes
Operating System	cisco	asyncos	14.1.0-227	Yes
Operating System	cisco	asyncos	14.2.0-212	Yes
Operating System	cisco	asyncos	14.2.0-224	Yes
Operating System	cisco	asyncos	14.2.1-020	Yes
Operating System	cisco	asyncos	14.3.0-120	Yes
Operating System	cisco	asyncos	15.0.0-334	Yes
Operating System	cisco	asyncos	15.5.1-024	Yes
Operating System	cisco	asyncos	15.5.1-029	Yes
Application	cisco	secure_email_and_web_manager_virtual_appliance_m100v	-	No
Application	cisco	secure_email_and_web_manager_virtual_appliance_m300v	-	No
Application	cisco	secure_email_and_web_manager_virtual_appliance_m600v	-	No
Hardware	cisco	secure_email_and_web_manager_m170	-	No
Hardware	cisco	secure_email_and_web_manager_m190	-	No
Hardware	cisco	secure_email_and_web_manager_m195	-	No
Hardware	cisco	secure_email_and_web_manager_m380	-	No
Hardware	cisco	secure_email_and_web_manager_m390	-	No
Hardware	cisco	secure_email_and_web_manager_m390x	-	No
Hardware	cisco	secure_email_and_web_manager_m395	-	No
Hardware	cisco	secure_email_and_web_manager_m680	-	No
Hardware	cisco	secure_email_and_web_manager_m690	-	No
Hardware	cisco	secure_email_and_web_manager_m690x	-	No
Hardware	cisco	secure_email_and_web_manager_m695	-	No
Operating System	cisco	asyncos	14.0.2-012	Yes
Operating System	cisco	asyncos	14.0.3-014	Yes
Operating System	cisco	asyncos	14.0.4-005	Yes
Operating System	cisco	asyncos	14.0.5-007	Yes
Operating System	cisco	asyncos	14.1.0-032	Yes
Operating System	cisco	asyncos	14.1.0-041	Yes
Operating System	cisco	asyncos	14.1.0-047	Yes
Operating System	cisco	asyncos	14.5.0-498	Yes
Operating System	cisco	asyncos	14.5.1-008	Yes
Operating System	cisco	asyncos	14.5.1-016	Yes
Operating System	cisco	asyncos	14.5.1-510	Yes
Operating System	cisco	asyncos	14.5.1-607	Yes
Operating System	cisco	asyncos	14.5.2-011	Yes
Operating System	cisco	asyncos	14.5.3-033	Yes
Operating System	cisco	asyncos	15.0.0-322	Yes
Operating System	cisco	asyncos	15.0.0-355	Yes
Operating System	cisco	asyncos	15.1.0-287	Yes
Operating System	cisco	asyncos	15.2.0-116	Yes
Operating System	cisco	asyncos	15.2.0-164	Yes
Application	cisco	secure_web_appliance_virtual_s1000v	-	No
Application	cisco	secure_web_appliance_virtual_s100v	-	No
Application	cisco	secure_web_appliance_virtual_s300v	-	No
Application	cisco	secure_web_appliance_virtual_s600v	-	No
Hardware	cisco	secure_web_appliance_s196	-	No
Hardware	cisco	secure_web_appliance_s396	-	No
Hardware	cisco	secure_web_appliance_s696	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n Vendor Advisory ([email protected])