CVE-2018-0097
Last modified
CVE-2018-0097 is a vulnerability of currently unknown severity. A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Prime Infrastructure | All versions |
References
- http://www.securityfocus.com/bid/102724Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040243Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/102724Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040243Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-0097?
How severe is CVE-2018-0097?
How do I fix CVE-2018-0097?
Are you affected by CVE-2018-0097?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST