Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Enterprise Chat and Email Open Redirect Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Cisco Enterprise Chat and Email 安全漏洞
Vulnerability Description
Cisco Enterprise Chat and Email(CEC)是美国思科(Cisco)公司的一套企业聊天和电子邮件解决方案。该产品主要为其它Cisco解决方案提供电子邮件、聊天和Web回调功能等。 Cisco Enterprise Chat and Email 存在安全漏洞,该漏洞源于 Cisco ECE 基于 Web 的管理界面中的一个漏洞可能允许未经身份验证的远程攻击者将用户重定向到不需要的网页。此漏洞是由于对发送到 受影响的系统。 攻击者可以通过诱使界面用户单击精心制作的链接来利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A