URL Redirection Vulnerability in Cisco Prime Service Catalog
CVE-2017-3810

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Service Catalog 10.0 R2 Tanggula
Vendor
CVE Published:
3 February 2017

Summary

A vulnerability exists within the web framework of Cisco Prime Service Catalog that could be exploited by an authenticated, remote attacker. This flaw allows the attacker to perform a web URL redirect attack, targeting users who are logged into an affected system, potentially leading to unauthorized access or data interception. Administrators should ensure systems are up to date and review security best practices to mitigate risk associated with this vulnerability.

Affected Version(s)

Cisco Prime Service Catalog 10.0_R2_tanggula Cisco Prime Service Catalog 10.0_R2_tanggula

References

http://www.securityfocus.com/bid/95947
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037772
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.