Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20140829-CVE-2014-3350
HistoryAug 29, 2014 - 2:24 p.m.

Cisco Intelligent Automation for Cloud URL Redirection Vulnerability

2014-08-2914:24:10
tools.cisco.com
14

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information.

The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted URLs.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

After a successful exploit, the attacker could redirect a targeted user to a malicious site in an attempt to obtain sensitive information.

Affected configurations

Vulners
Node
ciscocloud_portalMatchany
OR
ciscocloud_portalMatchany

Related

prion 1
cvelist 1
cve 1
nvd 1
prion
prion
Code injection
2014-08-29 09:55:00
cvelist
cvelist
CVE-2014-3350
2014-08-29 10:00:00
cve
cve
CVE-2014-3350
2014-08-29 10:00:00
nvd
nvd
CVE-2014-3350
2014-08-29 09:55:08

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON
Related for CISCO-SA-20140829-CVE-2014-3350
prion1cvelist1cve1nvd1