CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
41.5%
A vulnerability in Cisco Cloud Portal Appliance could aid an unauthenticated, remote attacker in performing a man-in-the-middle attack.
The vulnerability is due to a design error in the affected software. An unauthenticated, remote attacker could exploit this vulnerability to perform a man-in-the-middle attack against a user logging in to a targeted device. A successful exploit could be used to conduct further attacks.
Cisco has confirmed the vulnerability and released software updates.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | prime_service_catalog | any | cpe:2.3:a:cisco:prime_service_catalog:any:*:*:*:*:*:*:* |