Open redirect in Cisco Prime Infrastructure - CVE-2018-0097
Published: January 19, 2018
Vulnerability identifier: #VU10117
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0097
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Infrastructure
Cisco Prime Infrastructure
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect the target user to external websites.
The vulnerability exists in the web interface of Cisco Prime Infrastructure due to improper input validation of the parameters in the HTTP request. A remote attacker can use a specially crafted HTTP request that could cause the web application to redirect the request to a specific malicious URL.
The vulnerability exists in the web interface of Cisco Prime Infrastructure due to improper input validation of the parameters in the HTTP request. A remote attacker can use a specially crafted HTTP request that could cause the web application to redirect the request to a specific malicious URL.
How to mitigate CVE-2018-0097
Install update from vendor's website.