CVE-2012-4982
published 2012-12-05CVE-2012-4982: Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites…
PriorityP430medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
8.66%
94.4th percentile
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forescout | counteract | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Forescout CounterACT - 'a' Open Redirection
exploitdb·2012-11-26
CVE-2012-4982 Forescout CounterACT - 'a' Open Redirection
Forescout CounterACT - 'a' Open Redirection
---
source: https://www.securityfocus.com/bid/56687/info
Forescout CounterACT is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
Forescout CounterACT 6.3.4.1 is vulnerable; other versions may also be affected.
http://www.example.com/assets/login?a=http://www.evil.com
Nuclei
Forescout CounterACT 6.3.4.1 - Open Redirect
nuclei·CVSS 5.8
CVE-2012-4982 [MEDIUM] Forescout CounterACT 6.3.4.1 - Open Redirect
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.
Template:
id: CVE-2012-4982
info:
name: Forescout CounterACT 6.3.4.1 - Open Redirect
author: ctflearner
severity: medium
description: |
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
remediation: |
Apply the
2012-12-05
Published