CVE-2017-3810

CWE-601 — Open Redirect CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 66.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Service Catalog

Timeline

PublishedFeb 3

Latest updateMay 17

Description

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/prime_service_catalog10.0\(r2\)_base

▶CVEListV5cisco_prime_service_catalog_10.0_r2_tanggulaCisco Prime Service Catalog 10.0_R2_tanggula

🔴Vulnerability Details

GHSA

GHSA-5pp8-66vq-8jgr: A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack↗2022-05-17

▶

CVEList

CVE-2017-3810: A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco Prime Service Catalog URL Redirect Attack Vulnerability↗2017-02-01

▶