6.1
CVE-2024-20369
- EPSS 0.22%
- Veröffentlicht 15.05.2024 18:15:09
- Zuletzt bearbeitet 25.03.2025 17:44:05
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Network Services Orchestrator Version >= 5.4 < 5.5.10.1
Cisco ≫ Network Services Orchestrator Version >= 5.6 < 5.6.14.3
Cisco ≫ Network Services Orchestrator Version >= 5.7 < 5.7.15
Cisco ≫ Network Services Orchestrator Version >= 5.8 < 5.8.13.1
Cisco ≫ Network Services Orchestrator Version >= 6.0 < 6.0.12
Cisco ≫ Network Services Orchestrator Version >= 6.1 < 6.1.7
Cisco ≫ Network Services Orchestrator Version >= 6.2 < 6.2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.447 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@cisco.com | 4.7 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.