Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote malicious user to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the malicious user to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco content security management appliance |
Switchzilla issues a whopping 30+ patches in time for the long UK weekend
Cisco has emitted a fresh round of software updates to address nearly three dozen security holes in its products. The patches, released over May 6 and 7, include 12 issues considered high-severity bugs, and another 22 classified as moderate severity. One of the holes has two CVE numbers assigned to it, so that's a total of 35 CVE-listed security vulnerabilities. Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, p...