CVE-2019-15974

Description

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a users HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.249

Associated Vulnerability

Vulnerability	OS Platform
Cisco Managed Services Accelerator Open Redirect Vulnerability For Cisco Managed Services Accelerator	NCM
Improper Input Validation Vulnerability (CVE-2019-15974)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1701339	Security Update for Cisco Managed Services Accelerator 3.10.0

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234