CVE-2018-15403

CWE-601 — Open Redirect4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 63.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Emergency Responder Cisco Emergency Responder Cisco Unified Communications Manager +2 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request t…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶NVDcisco/unified_communications_manager_im_and_presence_service4 versions+3

▶NVDcisco/unified_communications_manager4 versions+3

▶NVDcisco/unity_connection9.1\(1\)es23

▶NVDcisco/emergency_responder11.5\(4.59000.1\), 12.0\(1.40000.3\), 12.5\(0.98000.110\)+2

▶CVEListV5cisco/cisco_emergency_respondern/a

🔴Vulnerability Details

GHSA

GHSA-85vf-h2ww-rm2q: A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Pre↗2022-05-13

▶

CVEList

Multiple Cisco Unified Communications Products Open Redirect Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Multiple Cisco Unified Communications Products Open Redirect Vulnerability↗2018-10-03

▶