Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability (CVE-2024-20475)
CVE number – CVE-2024-20475
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
At the time of publication, this vulnerability affected Cisco Catalyst SD-WAN Manager, regardless of device configuration.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.