CVE-2023-20218: XSS
First published: Thu Aug 03 2023(Updated: )
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa500ds Firmware | ||
| Cisco Spa500ds | ||
| Cisco Spa500s Firmware | ||
| Cisco Spa500s | ||
| Cisco Spa501g Firmware | ||
| Cisco Spa501g | ||
| Cisco Spa502g Firmware | ||
| Cisco Spa502g | ||
| Cisco Spa504g Firmware | ||
| Cisco Spa504g | ||
| Cisco Spa508g Firmware | ||
| Cisco Spa508g | ||
| Cisco Spa509g Firmware | ||
| Cisco Spa509g | ||
| Cisco Spa512g Firmware | ||
| Cisco Spa512g | ||
| Cisco Spa514g Firmware | ||
| Cisco Spa514g | ||
| Cisco Spa525 Firmware | ||
| Cisco Spa525 | ||
| Cisco Spa525g Firmware | ||
| Cisco Spa525g | ||
| Cisco Spa525g2 Firmware | ||
| Cisco Spa525g2 | ||
| All of | ||
| Cisco Spa500ds Firmware | ||
| Cisco Spa500ds | ||
| All of | ||
| Cisco Spa500s Firmware | ||
| Cisco Spa500s | ||
| All of | ||
| Cisco Spa501g Firmware | ||
| Cisco Spa501g | ||
| All of | ||
| Cisco Spa502g Firmware | ||
| Cisco Spa502g | ||
| All of | ||
| Cisco Spa504g Firmware | ||
| Cisco Spa504g | ||
| All of | ||
| Cisco Spa508g Firmware | ||
| Cisco Spa508g | ||
| All of | ||
| Cisco Spa509g Firmware | ||
| Cisco Spa509g | ||
| All of | ||
| Cisco Spa512g Firmware | ||
| Cisco Spa512g | ||
| All of | ||
| Cisco Spa514g Firmware | ||
| Cisco Spa514g | ||
| All of | ||
| Cisco Spa525 Firmware | ||
| Cisco Spa525 | ||
| All of | ||
| Cisco Spa525g Firmware | ||
| Cisco Spa525g | ||
| All of | ||
| Cisco Spa525g2 Firmware | ||
| Cisco Spa525g2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-20218.
What is the severity of CVE-2023-20218?
The severity of CVE-2023-20218 is medium.
How does the vulnerability affect Cisco SPA500 Series Analog Telephone Adapters (ATAs)?
The vulnerability allows an authenticated, remote attacker to modify a web page in the context of a user's browser.
Is there a fix available for CVE-2023-20218?
Yes, Cisco has provided a fix for this vulnerability. Please refer to the Cisco Security Advisory for more information.
What is the Common Weakness Enumeration (CWE) number associated with CVE-2023-20218?
The CWE number associated with CVE-2023-20218 is CWE-79.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco spa500ds firmware
- canonical/cisco spa500ds
- canonical/cisco spa500s firmware
- canonical/cisco spa500s
- canonical/cisco spa501g firmware
- canonical/cisco spa501g
- canonical/cisco spa502g firmware
- canonical/cisco spa502g
- canonical/cisco spa504g firmware
- canonical/cisco spa504g
- canonical/cisco spa508g firmware
- canonical/cisco spa508g
- canonical/cisco spa509g firmware
- canonical/cisco spa509g
- canonical/cisco spa512g firmware
- canonical/cisco spa512g
- canonical/cisco spa514g firmware
- canonical/cisco spa514g
- canonical/cisco spa525 firmware
- canonical/cisco spa525
- canonical/cisco spa525g firmware
- canonical/cisco spa525g
- canonical/cisco spa525g2 firmware
- canonical/cisco spa525g2