Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Content Security Management Appliance Open Redirect Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Cisco Content Security Management Appliance 输入验证错误漏洞
Vulnerability Description
Cisco Content Security Management Appliance(SMA)是美国思科(Cisco)公司的一套内容安全管理设备。该设备主要用于管理电子邮件和Web安全设备的所有策略、报告、审计信息等。 Cisco Content SMA 13.6之前版本中的基于Web的GUI存在输入验证错误漏洞,该漏洞源于未对HTTP请求参数的输入进行正确的验证。攻击者可通过拦截HTTP请求并对其进行修改利用该漏洞将用户重定向到恶意网页或获取基于浏览器的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A