CVE-2024-20400

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20400
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj
Configurations

No configuration.

History

18 Jul 2024, 12:28

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la interfaz de administración basada en web de Cisco Expressway Series podría permitir que un atacante remoto no autenticado redirija a un usuario a una página web maliciosa. Esta vulnerabilidad se debe a una validación de entrada incorrecta de los parámetros de solicitud HTTP. Un atacante podría aprovechar esta vulnerabilidad interceptando y modificando una solicitud HTTP de un usuario. Un exploit exitoso podría permitir al atacante redirigir al usuario a una página web maliciosa. Nota: La serie Cisco Expressway se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E).

17 Jul 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-17 17:15

Updated : 2024-07-18 12:28

NVD link : CVE-2024-20400

Mitre link : CVE-2024-20400

CVE.ORG link : CVE-2024-20400

JSON object : View

Products Affected

No product.

CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024