Design/Logic Flaw

2018-10-0514:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

CPENameOperatorVersion
emergency_respondereq11.54.590001
emergency_respondereq12.1.400003
emergency_respondereq12.50.98000110
unified_communications_managereq11.1.1000010
unified_communications_managereq11.51.100006
unified_communications_managereq10.52.100005
unified_communications_managereq12.1.1000010
unified_communications_manager_im_and_presence_serviceeq10.51.0
unified_communications_manager_im_and_presence_serviceeq10.52.0
unified_communications_manager_im_and_presence_serviceeq12.1.0

Name	Operator	Version
emergency_responder	eq	11.54.590001
emergency_responder	eq	12.1.400003
emergency_responder	eq	12.50.98000110
unified_communications_manager	eq	11.1.1000010
unified_communications_manager	eq	11.51.100006
unified_communications_manager	eq	10.52.100005
unified_communications_manager	eq	12.1.1000010
unified_communications_manager_im_and_presence_service	eq	10.51.0
unified_communications_manager_im_and_presence_service	eq	10.52.0
unified_communications_manager_im_and_presence_service	eq	12.1.0