Lucene search

CiscoCVELIST:CVE-2021-1218

HistoryJan 20, 2021 - 8:11 p.m.

CVE-2021-1218 Cisco Smart Software Manager Satellite Open Redirect Vulnerability

2021-01-2020:11:29

CWE-601

cisco

www.cve.org

cve-2021-1218

cisco

smart software manager

open redirect

vulnerability

web management

http request

input validation

remote attacker

malicious url

exploit

web application

malicious website

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

CNA Affected

[
  {
    "product": "Cisco Smart Software Manager On-Prem",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x