Lucene search

Japan Vulnerability NotesJVN:73587943

HistoryJan 22, 2024 - 12:00 a.m.

JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect

2024-01-2200:00:00

Japan Vulnerability Notes

jvn.jp

jvn#73587943" "access analysis" "open redirect" "cwe-601" "phishing attack" "workaround" "loc.cgi" "anglersnet" "vulnerable" "december 31" "2023

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability (CWE-601).

Impact

When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution

Apply the workaround
Delete loc.cgi file included in the product.
For more information, refer to the information provided by the developer.

Products Affected

Access analysis CGI An-Analyzer released in 2023 December 31 and earlier

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

26.9%

JSON

Related for JVN:73587943