发布日期：2024-08-21
更新日期：2024-11-21

受影响系统：

Cisco Unified Communications Manager 15.0
Cisco Unified Communications Manager 14.0
Cisco Unified Communications Manager 12.6
Cisco Unified Communications Manager 12.5
Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition 15.0
Cisco Unified Communications Manager Session Management Edition 14.0
Cisco Unified Communications Manager Session Management Edition 12.6
Cisco Unified Communications Manager Session Management Edition 12.5
Cisco Unified Communications Manager Session Management Edition

描述：

---

CVE(CAN) ID: CVE-2024-20488

Cisco Unified Communications Manager是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件，提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。
Cisco Unified Communications Manager（Unified CM）和Cisco Unified Communications Manager Session Management Edition（Unified CM SME）存在跨站脚本漏洞，该漏洞源于Web管理界面未正确验证用户提供的输入，攻击者可利用该漏洞诱骗用户单击构造的链接，在受影响界面上下文中执行任意代码或访问基于浏览器的敏感信息。

<*链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmf
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-cucm-xss-9zmfHyZ）以及相应补丁:
cisco-sa-cucm-xss-9zmfHyZ：Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmfHyZ

浏览次数：101
严重程度：0（网友投票）