CVE-2024-20504— Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

CVSS 5.4 · Medium EPSS 0.19% · P41 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-20504

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco AsyncOS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco AsyncOS是美国思科（Cisco）公司的一款应用于思科设备的操作系统。 Cisco AsyncOS存在安全漏洞，该漏洞源于对用户输入的验证不足。经过身份验证的远程攻击者对该界面的用户发起存储的跨站脚本(XSS)攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Cisco	Cisco Secure Email	14.0.0-698	-
Cisco	Cisco Secure Email and Web Manager	14.0.0-404	-
Cisco	Cisco Secure Web Appliance	14.1.0-032	-

II. Public POCs for CVE-2024-20504

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-20504

请登录查看更多情报信息。

Same Patch Batch · Cisco · 2024-11-06 · 25 CVEs total

CVE-2024-20418	10.0 CRITICAL	Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability
CVE-2024-20536	8.8 HIGH	Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
CVE-2024-20484	7.5 HIGH	Cisco Enterprise Chat and Email Denial of Service Vulnerability
CVE-2024-20537	6.5 MEDIUM	Cisco Identity Services Engine Authorization Bypass Vulnerability
CVE-2024-20457	6.5 MEDIUM	Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerab
CVE-2024-20511	6.1 MEDIUM	Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CVE-2024-20538	6.1 MEDIUM	Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVE-2024-20525	6.1 MEDIUM	Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
CVE-2024-20530	6.1 MEDIUM	Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
CVE-2024-20532	5.5 MEDIUM	Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20527	5.5 MEDIUM	Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20529	5.5 MEDIUM	Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability
CVE-2024-20531	5.5 MEDIUM	Cisco Identity Services Engine XML External Entity Injection Vulnerability
CVE-2024-20514	5.4 MEDIUM	Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Sit
CVE-2024-20540	5.4 MEDIUM	Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
CVE-2024-20371	5.3 MEDIUM	Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability
CVE-2024-20445	5.3 MEDIUM	Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
CVE-2024-20533	4.8 MEDIUM	Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-
CVE-2024-20534	4.8 MEDIUM	Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-
CVE-2024-20539	4.8 MEDIUM	Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco Secure Email

Same vendor: Cisco

Same weakness: CWE-80

V. Comments for CVE-2024-20504

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-20504— Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities

I. Basic Information for CVE-2024-20504

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-20504

III. Intelligence Information for CVE-2024-20504

Same Patch Batch · Cisco · 2024-11-06 · 25 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-20504

Leave a comment