CVE-2024-28344

Published: Apr 10, 2024Modified: Jun 17, 2026

3.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 1.6 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.

Affected (1)

Products: Sipwise: Next Generation Communication Platform

Sipwise

1 product

Next Generation Communication Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sipwise Next Generation Communication Platform	Before mr11.5.1

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/

Source: cve@mitre.org

ExploitThird Party Advisory

https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.