URL Redirection Vulnerability in Dell EMC Unity and UnityVSA Products
CVE-2018-1251

8.3HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Unity; Dell Emc Unityvsa
Vendor: CVE Published:; 28 September 2018

Summary

Dell EMC Unity and UnityVSA versions before 4.3.1.1525703027 are susceptible to a URL Redirection vulnerability. An unauthenticated remote attacker can exploit this flaw to redirect users to malicious web addresses by crafting deceptive Unisphere URLs. This exploitation may lead to phishing attacks, allowing the attacker to gather sensitive information, including user credentials, from unsuspecting victims.

Affected Version(s)

Dell EMC Unity < 4.3.1.1525703027

Dell EMC UnityVSA < 4.3.1.1525703027

References

https://seclists.org/fulldisclosure/2018/Sep/30

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2018
Vulnerability Reserved
Dec 6, 2017