Open Redirect Vulnerability in Cisco Prime Collaboration Assurance Software
CVE-2016-1392

7.4HIGH

Key Information:

Vendor: Cisco
Status: Prime Collaboration Assurance
Vendor: CVE Published:; 5 May 2016

What is CVE-2016-1392?

An open redirect vulnerability exists in Cisco Prime Collaboration Assurance Software versions 10.5 to 11.0. This issue enables remote attackers to redirect users to arbitrary websites, potentially facilitating phishing attacks. Attackers can exploit this flaw using unspecified methods, putting affected organizations at risk by misleading users into visiting malicious sites.

References

http://www.securitytracker.com/id/1035736

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2016
Vulnerability Reserved
Jan 4, 2016