CVE-2024-20400

CWE-601 — Open Redirect4 documents4 sources

Severity

4.7MEDIUM

EPSS

0.4%

top 40.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Telepresence Video Communication Server (vcs) Expressway Cisco Telepresence Video Communication Server

Timeline

PublishedJul 17

Description

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Ex…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_video_communication_server_(vcs)_expressway74 versions+73

▶NVDcisco/telepresence_video_communication_server74 versions+73

🔴Vulnerability Details

CVEList

CVE-2024-20400: A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to↗2024-07-17

▶

GHSA

GHSA-cv3h-4jh6-rh6p: A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to↗2024-07-17

▶

📋Vendor Advisories

Cisco

Cisco Expressway Series Open Redirect Vulnerability↗2024-07-17

▶