← Back

CVE-2024-20369

nvd nist
Published: May 15, 2024Modified: Mar 25, 2025

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

Affected (7)

Cisco
1 product
Network Services Orchestrator
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Network Services Orchestrator
From 5.4 to 5.5.10.1
Network Services Orchestrator
From 5.6 to 5.6.14.3
Network Services Orchestrator
From 5.7 to 5.7.15
Network Services Orchestrator
From 5.8 to 5.8.13.1
Network Services Orchestrator
From 6.0 to 6.0.12
Network Services Orchestrator
From 6.1 to 6.1.7
Network Services Orchestrator
From 6.2 to 6.2.2

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.