4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
41.5%
A vulnerability in Cisco Cloud Portal Appliance could aid an unauthenticated, remote attacker in performing a man-in-the-middle attack.
The vulnerability is due to a design error in the affected software. An unauthenticated, remote attacker could exploit this vulnerability to perform a man-in-the-middle attack against a user logging in to a targeted device. A successful exploit could be used to conduct further attacks.
Cisco has confirmed the vulnerability and released software updates.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
CPE | Name | Operator | Version |
---|---|---|---|
cisco prime service catalog | eq | any | |
cisco prime service catalog | eq | any |