CVE-2014-3283

Опубликовано: 29 мая 2014

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.

Комментарий

Per: http://cwe.mitre.org/data/definitions/601.html

"CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"

Ссылки

http://secunia.com/advisories/58400
Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34383
Vendor Advisory
http://www.securityfocus.com/bid/67665
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030306
Third Party Advisory
VDB Entry
http://secunia.com/advisories/58400
Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3283
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34383
Vendor Advisory
http://www.securityfocus.com/bid/67665
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030306
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_communications_domain_manager:*:*:*:*:*:*:*:*

Версия до 9.0\(.1\) (включая)

cpe:2.3:a:cisco:unified_communications_domain_manager:7.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_domain_manager:8.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_domain_manager:8.6\(.2\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_domain_manager:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00554

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-phr7-fc98-f7gv

github

больше 3 лет назад