CVE-2021-1358

Description

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.232

Associated Vulnerability

Vulnerability	OS Platform
Cisco Finesse Open Redirect Vulnerability For Cisco Finesse	NCM
Cisco Finesse Open Redirect Vulnerability For Cisco Packaged Contact Center Enterprise	NCM
Cisco Finesse Open Redirect Vulnerability For Cisco Unified Contact Center Express	NCM
CVE-2021-1358	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705887	Security Update for Cisco Finesse 11.5(0.98000.126)
PATCH-1705202	Security Update for Cisco Packaged Contact Center Enterprise 12.6(1)
PATCH-1706052	Security Update for Cisco Unified Contact Center Express 11.6(1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234