CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
48.8%
Cisco Digital Media Manager (DMM) contains a vulnerability that could allow an unauthenticated, remote attacker to cause the DMM to issue a redirect to an arbitrary third-party URL.
The vulnerability is due to an open redirect issue in the DMM login page. An attacker could exploit this vulnerability by crafting a specific URL pointing to the DMM login page with a parameter that could trigger the DMM to issue an HTTP redirect to a host under the control of the attacker.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, it is likely an attacker would need to access or control a host system that is able to communicate with the targeted device. In addition, the attacker would need to know the location of the device to point a crafted URL to the login page. Typically, these devices would be on trusted, internal networks behind firewalls. These access requirements decrease the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | digital_media_manager | any | cpe:2.3:a:cisco:digital_media_manager:any:*:*:*:*:*:*:* |