CVE-2024-20270

Name of the Vulnerable Software and Affected Versions Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform (affected versions not specified) Cisco NX-OS Software (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco products could allow an attacker to conduct a stored cross-site scripting (XSS) attack or cause a denial of service (DoS) condition on affected devices. This issue exists due to the interface not properly validating user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code or access to sensitive information.

Recommendations For Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform, consider disabling the web-based management interface until a patch is available. For Cisco NX-OS Software, restrict access to the affected interface to minimize the risk of exploitation. As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.