CVE-2022-20740 MEDIUM

CVE-2022-20740: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco Firepower Management Center 6.1.0
Weakness CWE-80 · XSS · basic
Published May 3, 2022
Last update November 6, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.

Key dates

02Disclosure timeline

May 3, 2022 CVE published
November 6, 2024 Record updated