4.3
CVE-2026-20172
- EPSS 0.02%
- Published 06.05.2026 16:15:37
- Last modified 06.05.2026 18:59:53
- Source psirt@cisco.com
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco Enterprise Chat and Email
Default status: unknown
| Version | Status |
|---|---|
| 11.6(1)_ES3 | affected |
| 11.6(1)_ES4 | affected |
| 12.0(1)_ES6 | affected |
| 11.6(1)_ES8 | affected |
| 12.0(1)_ES5a | affected |
| 11.6(1)_ES9 | affected |
| 12.0(1)_ES6_ET1 | affected |
| 11.6(1)_ES6 | affected |
| 11.6(1)_ES5 | affected |
| 12.5(1)_ET1 | affected |
| 12.5(1) | affected |
| 12.5(1)_ES3_ET1 | affected |
| 12.0(1)_ES3 | affected |
| 11.6(1)_ES11 | affected |
| 12.0(1)_ES4 | affected |
| 12.0(1)_ES5 | affected |
| 11.6(1)_ES2 | affected |
| 11.6(1)_ES9a | affected |
| 11.6(1)_ES10 | affected |
| 12.0(1)_ES1 | affected |
| 12.0(1) | affected |
| 12.5(1)_ES3 | affected |
| 12.6(1) | affected |
| 11.5(1) | affected |
| 12.0(1)_ES2 | affected |
| 11.6(1)_ES7 | affected |
| 12.5(1)_ES2 | affected |
| 12.6(1)_ET1 | affected |
| 11.6(1) | affected |
| 12.5(1)_ES1 | affected |
| 12.6(1)_ET2 | affected |
| 12.5(1)_ES3_ET2 | affected |
| 12.0(1)_ES6_ET2 | affected |
| 12.6(1)_ES1 | affected |
| 12.5(1)_ES4 | affected |
| 11.6(1)_ES12 | affected |
| 12.6(1)_ET3 | affected |
| 12.5(1)_ES4_ET1 | affected |
| 12.0(1)_ES6_ET3 | affected |
| 12.6(1)_ES1_ET1 | affected |
| 12.6(1)_ES2 | affected |
| 12.6_ES2_ET1 | affected |
| 12.5(1)_ES5 | affected |
| 12.6_ES2_ET2 | affected |
| 12.0(1)_ES7 | affected |
| 12.6_ES2_ET3 | affected |
| 12.0(1)_ES7_ET1 | affected |
| 12.5(1)_ES5_ET1 | affected |
| 12.6_ES2_ET4 | affected |
| 12.6(1)_ES3 | affected |
| 11.6(1)_ES12_ET1 | affected |
| 12.6_ES3_ET1 | affected |
| 12.5(1)_ES6 | affected |
| 12.6_ES3_ET2 | affected |
| 12.6(1)_ES4 | affected |
| 12.5(1)_ES7 | affected |
| 12.6(1)_ES4_ET1 | affected |
| 12.6(1)_ES5 | affected |
| 12.6(1)_ES5_ET1 | affected |
| 12.6(1)_ES5_ET2 | affected |
| 12.6(1)_ES6 | affected |
| 12.6(1)_ES6_ET1 | affected |
| 12.5(1)_ES8 | affected |
| 12.6(1)_ES6_ET2 | affected |
| 12.6(1)_ES7 | affected |
| 12.6(1)_ES8 | affected |
| 12.6(1)_ES4_ET2 | affected |
| 12.6(1)_ES3_ET3 | affected |
| 12.6(1)_ES2_ET5 | affected |
| 12.6(1)_ES1_ET2 | affected |
| 12.6(1)_ES8_ET1 | affected |
| 12.6(1)_ES7_ET1 | affected |
| 12.6(1)_ES6_ET3 | affected |
| 12.6(1)_ES5_ET3 | affected |
| 12.5(1)_ES8_ET1 | affected |
| 12.5(1)_ES3_ET3 | affected |
| 12.5(1)_ES5_ET2 | affected |
| 12.5(1)_ES6_ET1 | affected |
| 12.5(1)_ES4_ET2 | affected |
| 12.5(1)_ES7_ET1 | affected |
| 12.6(1)_ES8_ET2 | affected |
| 12.6(1)_ES9 | affected |
| 12.6(1)_ES9_ET1 | affected |
| 12.5(1)_ES9 | affected |
| 12.6(1)_ES9_ET2 | affected |
| 12.6(1)_ES9_ET3 | affected |
| 12.6(1)_ES10 | affected |
| 12.6(1)_ES10_ET1 | affected |
| 15.0(1) | affected |
| 12.6(1)_ES11 | affected |
| 15.0(1)_ET1 | affected |
| 15.0(1)ES202508 | affected |
| 12.6(1)_ES11_ET1 | affected |
| 12.6(1)_ES11_ET2 | affected |
| 12.6(1)_ES12 | affected |
| 15.0(1)ES202511 | affected |
| 12.6(1)_ES12_ET1 | affected |
| 15.0(1)ES202511_ET1 | affected |
| 12.5(1)_ES10 | affected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.064 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |

CWE-646 Reliance on File Name or Extension of Externally-Supplied File
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.