← Back

CVE-2020-3558

nvd nist
Published: Oct 21, 2020Modified: Nov 26, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Affected (4)

Cisco
1 product
Secure Firewall Management Center
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Secure Firewall Management Center
From 6.2.0 to 6.2.3.16
Secure Firewall Management Center
From 6.3.0 to 6.3.0.5
Secure Firewall Management Center
From 6.4.0 to 6.4.0.9
Secure Firewall Management Center
From 6.5.0 to 6.5.0.4

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.