CVE-2021-1218

CWE-601Open Redirect4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 91.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Smart Software Manager On-premCisco Cisco Smart Software Manager On-prem
Timeline
PublishedJan 20
Latest updateMay 24

Description

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful explo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hr96-643c-qp42: A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a2022-05-24
CVEList
Cisco Smart Software Manager Satellite Open Redirect Vulnerability2021-01-20

📋Vendor Advisories

1
Cisco
Cisco Smart Software Manager Satellite Open Redirect Vulnerability2021-01-20
CVE-2021-1218 (MEDIUM CVSS 5.4) | A vulnerability in the web manageme | cvebase.io