CVE-2024-20257 - Vulnerability Details

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Asyncos Secure Email Gateway C195 Secure Email Gateway C395 Secure Email Gateway C695 Secure Email Gateway Virtual Appliance C100v Secure Email Gateway Virtual Appliance C300v Secure Email Gateway Virtual Appliance C600v

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:asyncos:11.0.3-238:::::::*
	cpe:2.3:o:cisco:asyncos:11.1.0-069:::::::*
	cpe:2.3:o:cisco:asyncos:11.1.0-128:::::::*
	cpe:2.3:o:cisco:asyncos:11.1.0-131:::::::*
	cpe:2.3:o:cisco:asyncos:12.0.0-419:::::::*
	cpe:2.3:o:cisco:asyncos:12.1.0-071:::::::*
	cpe:2.3:o:cisco:asyncos:12.1.0-087:::::::*
	cpe:2.3:o:cisco:asyncos:12.1.0-089:::::::*
	cpe:2.3:o:cisco:asyncos:12.5.0-066:::::::*
	cpe:2.3:o:cisco:asyncos:12.5.3-041:::::::*
	cpe:2.3:o:cisco:asyncos:12.5.4-041:::::::*
	cpe:2.3:o:cisco:asyncos:13.0.0-392:::::::*
	cpe:2.3:o:cisco:asyncos:13.0.5-007:::::::*
	cpe:2.3:o:cisco:asyncos:13.5.1-277:::::::*
	cpe:2.3:o:cisco:asyncos:13.5.4-038:::::::*
	cpe:2.3:o:cisco:asyncos:14.0.0-698:::::::*
	cpe:2.3:o:cisco:asyncos:14.2.0-620:::::::*
	cpe:2.3:o:cisco:asyncos:14.2.1-020:::::::*
	cpe:2.3:o:cisco:asyncos:14.3.0-032:::::::*
	cpe:2.3:o:cisco:asyncos:15.0.0-104:::::::*
	cpe:2.3:o:cisco:asyncos:15.0.1-030:::::::*
	cpe:2.3:o:cisco:asyncos:15.5.0-048:::::::*

OR	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:::::::*
	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:::::::*
	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c195:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c395:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c695:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD

History

Wed, 06 Aug 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco asyncos Cisco secure Email Gateway C195 Cisco secure Email Gateway C395 Cisco secure Email Gateway C695 Cisco secure Email Gateway Virtual Appliance C100v Cisco secure Email Gateway Virtual Appliance C300v Cisco secure Email Gateway Virtual Appliance C600v
CPEs		cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:::::::* cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:::::::* cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c195:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c395:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c695:-:::::::* cpe:2.3:o:cisco:asyncos:11.0.3-238:::::::* cpe:2.3:o:cisco:asyncos:11.1.0-069:::::::* cpe:2.3:o:cisco:asyncos:11.1.0-128:::::::* cpe:2.3:o:cisco:asyncos:11.1.0-131:::::::* cpe:2.3:o:cisco:asyncos:12.0.0-419:::::::* cpe:2.3:o:cisco:asyncos:12.1.0-071:::::::* cpe:2.3:o:cisco:asyncos:12.1.0-087:::::::* cpe:2.3:o:cisco:asyncos:12.1.0-089:::::::* cpe:2.3:o:cisco:asyncos:12.5.0-066:::::::* cpe:2.3:o:cisco:asyncos:12.5.3-041:::::::* cpe:2.3:o:cisco:asyncos:12.5.4-041:::::::* cpe:2.3:o:cisco:asyncos:13.0.0-392:::::::* cpe:2.3:o:cisco:asyncos:13.0.5-007:::::::* cpe:2.3:o:cisco:asyncos:13.5.1-277:::::::* cpe:2.3:o:cisco:asyncos:13.5.4-038:::::::* cpe:2.3:o:cisco:asyncos:14.0.0-698:::::::* cpe:2.3:o:cisco:asyncos:14.2.0-620:::::::* cpe:2.3:o:cisco:asyncos:14.2.1-020:::::::* cpe:2.3:o:cisco:asyncos:14.3.0-032:::::::* cpe:2.3:o:cisco:asyncos:15.0.0-104:::::::* cpe:2.3:o:cisco:asyncos:15.0.1-030:::::::* cpe:2.3:o:cisco:asyncos:15.5.0-048:::::::*
Vendors & Products		Cisco Cisco asyncos Cisco secure Email Gateway C195 Cisco secure Email Gateway C395 Cisco secure Email Gateway C695 Cisco secure Email Gateway Virtual Appliance C100v Cisco secure Email Gateway Virtual Appliance C300v Cisco secure Email Gateway Virtual Appliance C600v

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-05-15T17:58:59.579Z

Updated: 2024-08-01T21:52:31.675Z

Reserved: 2023-11-08T15:08:07.623Z

Link: CVE-2024-20257

Vulnrichment

Updated: 2024-08-01T21:52:31.675Z

NVD

Status : Analyzed

Published: 2024-05-15T18:15:08.967

Modified: 2025-08-06T16:56:50.350

Link: CVE-2024-20257

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object