Lucene search

CiscoCVELIST:CVE-2019-15974

HistorySep 23, 2020 - 12:27 a.m.

CVE-2019-15974 Cisco Managed Services Accelerator Open Redirect Vulnerability

2020-09-2300:27:08

CWE-601

cisco

www.cve.org

cisco

msx

open redirect

vulnerability

cve-2019-15974

web interface

input validation

http request

phishing

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

47.0%

JSON

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user’s HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

CNA Affected

[
  {
    "product": "Cisco Managed Services Accelerator",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-msa-open-redirect

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

47.0%

JSON

Related for CVELIST:CVE-2019-15974