Lucene search

Japan Vulnerability NotesJVN:73587943

HistoryJan 22, 2024 - 12:00 a.m.

JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect

2024-01-2200:00:00

Japan Vulnerability Notes

jvn.jp

jvn#73587943" "access analysis" "open redirect" "cwe-601" "phishing attack" "workaround" "loc.cgi" "anglersnet" "vulnerable" "december 31" "2023

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability (CWE-601).

Impact

When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution

Apply the workaround
Delete loc.cgi file included in the product.
For more information, refer to the information provided by the developer.

Products Affected

Access analysis CGI An-Analyzer released in 2023 December 31 and earlier

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for JVN:73587943