CVE-2020-3178 — Open Redirect in Cisco Content Security Management Appliance

CWE-601 — Open Redirect5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 51.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Content Security Management Appliance Cisco Content Security Management Appliance

Timeline

PublishedMay 6

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attac…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/content_security_management_appliance< 13.6.0

▶CVEListV5cisco/cisco_content_security_management_appliancen/a

🔴Vulnerability Details

GHSA

GHSA-8mc8-gh78-5fvq: Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthent↗2022-05-24

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-03-16

▶

CVEList

Cisco Content Security Management Appliance Open Redirect Vulnerabilities↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Content Security Management Appliance Open Redirect Vulnerabilities↗2020-05-06

▶