CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
50.2%
A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information.
The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted URLs.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
After a successful exploit, the attacker could redirect a targeted user to a malicious site in an attempt to obtain sensitive information.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cloud_portal | any | cpe:2.3:a:cisco:cloud_portal:any:*:*:*:*:*:*:* |