CVE-2024-20310

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions not specified

Description The issue is related to a path traversal flaw in the web-based interface of the system, which could allow a remote attacker to conduct cross-site scripting (XSS) attacks against authenticated users. This is due to the interface not properly validating user-supplied input. An attacker could exploit this by persuading an authenticated user to click a crafted link, potentially allowing the execution of arbitrary script code or access to sensitive browser-based information.

Recommendations For Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), as a temporary workaround, consider disabling the web interface until a patch is available. Plan a swift upgrade to a newer version that contains a fix for this issue.