CVE-2024-20475

Summary

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Catalyst SD-WAN Manager20.6.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.0.18.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.0.18.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.1.0.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.2affected
CiscoCisco Catalyst SD-WAN Manager20.7.1EFT2affected
CiscoCisco Catalyst SD-WAN Manager20.7.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.2affected
CiscoCisco Catalyst SD-WAN Manager20.7.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.2.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.2.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.0.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.2.7affected
CiscoCisco Catalyst SD-WAN Manager20.6.3affected
CiscoCisco Catalyst SD-WAN Manager20.7.1.0.2affected
CiscoCisco Catalyst SD-WAN Manager20.8.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.7affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.5affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.10affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.2affected
CiscoCisco Catalyst SD-WAN Manager20.7.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.11affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.14affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.19affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.18affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.23affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.25affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.27affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.29affected
CiscoCisco Catalyst SD-WAN Manager20.10.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.33affected
CiscoCisco Catalyst SD-WAN Manager20.9.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.10.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1affected
CiscoCisco Catalyst SD-WAN Manager20.11.1affected
CiscoCisco Catalyst SD-WAN Manager20.11.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.3_LI_ Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.6.3.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.4.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.39affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.2affected
CiscoCisco Catalyst SD-WAN Manager20.10.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.2.2.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.1.2affected
CiscoCisco Catalyst SD-WAN Manager20.11.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.40affected
CiscoCisco Catalyst SD-WAN Manager20.9.2.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.2.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1.5affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.4.0.19affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1.7affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.12affected
CiscoCisco Catalyst SD-WAN Manager20.11.1.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.4affected
CiscoCisco Catalyst SD-WAN Manager20.10.1.2affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1.10affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.2.4affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.18affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.47affected
CiscoCisco Catalyst SD-WAN Manager20.9.2.3affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.21affected
CiscoCisco Catalyst SD-WAN Manager20.9.4_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.4affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1.11affected
CiscoCisco Catalyst SD-WAN Manager20.12.1affected
CiscoCisco Catalyst SD-WAN Manager20.12.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.23affected
CiscoCisco Catalyst SD-WAN Manager20.9.4.1affected
CiscoCisco Catalyst SD-WAN Manager20.9.4.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.25affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.24affected
CiscoCisco Catalyst SD-WAN Manager20.6.5.1.14affected
CiscoCisco Catalyst SD-WAN Manager20.9.3.0.26affected
CiscoCisco Catalyst SD-WAN Manager20.6.3.0.51affected
CiscoCisco Catalyst SD-WAN Manager20.12.2affected
CiscoCisco Catalyst SD-WAN Manager20.12.2_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.6.6.0.1affected
CiscoCisco Catalyst SD-WAN Manager20.13.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.4.0.4affected
CiscoCisco Catalyst SD-WAN Manager20.13.1affected
CiscoCisco Catalyst SD-WAN Manager20.9.4.1.1affected
CiscoCisco Catalyst SD-WAN Manager20.9.5affected
CiscoCisco Catalyst SD-WAN Manager20.9.5_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.12.3_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.12.3affected
CiscoCisco Catalyst SD-WAN Manager20.9.4.1.3affected
CiscoCisco Catalyst SD-WAN Manager20.6.7affected
CiscoCisco Catalyst SD-WAN Manager20.9.5.1affected
CiscoCisco Catalyst SD-WAN Manager20.9.5.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.14.1affected
CiscoCisco Catalyst SD-WAN Manager20.14.1_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.9.5.2_LI_Imagesaffected
CiscoCisco Catalyst SD-WAN Manager20.12.3.1affected
CiscoCisco Catalyst SD-WAN Manager20.12.4affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References