Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4115

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-21 Oct, 2013 | 10:00
Updated At-16 Sep, 2024 | 19:15
Rejected At-
Credits

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:21 Oct, 2013 | 10:00
Updated At:16 Sep, 2024 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
vendor-advisory
x_refsource_CISCO
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:21 Oct, 2013 | 10:50
Updated At:11 Apr, 2025 | 00:51

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_computing_system>>-
cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115psirt@cisco.com
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4115
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2012-4073
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-20 Sep, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemn/a
CVE-2019-1683
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.98%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 17:00
Updated-21 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa501g_firmwarespa525g_firmwarespa512gspa500spa525gspa512g_firmwarespa525spa508gspa500s_firmwarespa525_firmwarespa502g_firmwarespa501gspa502gspa5x5spa500sspa509gspa500dsspa504g_firmwarespa112_firmwarespa5x5_firmwarespa509g_firmwarespa508g_firmwarespa112spa514g_firmwarespa514gspa500_firmwarespa500ds_firmwarespa504gCisco Small Business SPA112 Series IP PhonesCisco Small Business SPA5X5 Series IP PhonesCisco Small Business SPA500 Series IP PhonesCisco Small Business SPA525 Series IP Phones
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-15974
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-managed_services_acceleratorCisco Managed Services Accelerator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0097
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 06:00
Updated-02 Dec, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructureCisco Prime Infrastructure
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-34764
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.82%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_management_center_virtual_appliancefirepower_threat_defensesourcefire_defense_centerCisco Firepower Management Center
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12665
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.29% / 51.80%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS 12.2(15)B
CWE ID-CWE-399
Not Available
CVE-2017-6604
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.62%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemCisco Integrated Management Controller
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-1444
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-07 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_video_communication_server_softwaretelepresence_video_communication_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1392
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.22% / 45.00%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaboration_assurancen/a
CVE-2019-12621
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 23.31%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:00
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Static SSL Key Vulnerability

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx240c_af_m5hyperflex_hx240c_m5hyperflex_hx220c_m5hyperflex_hx240c_m5_firmwarehyperflex_hx220c_edge_m5hyperflex_hx220c_m5_firmwarehyperflex_hx220c_af_m5_firmwarehyperflex_hx240c_af_m5_firmwarehyperflex_hx220c_edge_m5_firmwarehyperflex_hx220c_af_m5Cisco HyperFlex HX-Series
CWE ID-CWE-320
Not Available
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2017-12308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 06:00
Updated-02 Dec, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-sf550x-48mpsg300-10p_firmwaresg300-52_firmwaresg500-52mp_firmwareesw2-550x-48dc_firmwaresg300-52sg500-28sg500x-48sg350x-24mpsx550x-24sg550x-48p_firmwaresg300-20sg500-28psg350x-48_firmwaresg350xg-24tsx550x-12fsg350x-24_firmwaresf350-48psf350-48sg550x-48mp_firmwareesw2-350g-52dcesw2-350g-52_firmwaresg500x-24psf300-48psf300-24_firmwaresg500-52esw2-550x-48_firmwaresf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psg350-28sg350x-24mp_firmwaresg500-52_firmwaresf550x-48p_firmwaresg550x-48psf300-24ppsg350x-48mp_firmwaresx550x-24ft_firmwaresg350x-24sg300-10mpp_firmwaresf550x-48_firmwaresg300-52mpsg350-10p_firmwaresg355-10psf302-08p_firmwaresg350-10psx550x-16ft_firmwaresg500-52mpsg300-52psg300-20_firmwaresf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg300-28_firmwaresf302-08psg500-28mppsf500-24psf302-08ppsf350-48p_firmwaresg350xg-48t_firmwaresf300-48sg300-10sfp_firmwaresf550x-48mp_firmwaresg350-28p_firmwaresf550x-24_firmwaresg350xg-2f10sg300-28ppsg300-52mp_firmwaresf500-48_firmwaresg350-10mpsg500-28p_firmwaresf550x-48psg550x-24mppsf550x-24sf500-48psg350xg-24f_firmwaresg500-52p_firmwaresf500-48p_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresg350-28mpsg350x-48sg350-28mp_firmwaresg300-28pp_firmwaresf302-08sx550x-24fsg500x-48psg350-10mp_firmwaresf302-08mpp_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwareesw2-350g-52sg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg350xg-24t_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg350x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg300-10mpsg550x-24esw2-550x-48dcsf300-08sg300-10ppsg350xg-2f10_firmwaresf350-48_firmwaresx550x-24f_firmwaresg350-28pesw2-550x-48sg350xg-48tsf550x-48sg300-28sx550x-52_firmwaresg350-28_firmwaresg300-10_firmwaresg350x-48psg350-10sg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg500x-24p_firmwaresg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg550x-24p_firmwaresg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24pesw2-350g-52dc_firmwaresf300-24psf300-24sg350x-48mpsf302-08mppsg550x-48sf302-08mpsf300-48pp_firmwaresg350x-48p_firmwaresf300-24mpsg300-28mp_firmwaresg350x-24psf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg550x-24mpp_firmwaresx550x-24_firmwaresg500x-48_firmwaresg350xg-24fsf300-08_firmwaresg500xg-8f8tsg500-28_firmwaresf500-24_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 300 and 500 Series Managed Switches
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2015-4297
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-19 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_node_for_mcsn/a
CVE-2015-0697
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_tc_softwaren/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2014-8029
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.33% / 55.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CVE-2014-0671
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.74% / 71.90%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mediasensen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1500
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:40
Updated-07 Nov, 2024 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-collaboration_meeting_roomswebex_video_meshCisco Webex Video Mesh
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-1277
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.99%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Certificate Validation Vulnerabilities

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-1397
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.83%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:42
Updated-08 Nov, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-c225_m6_firmwareucs-e140ducs-e140dp_firmwareucs-e160dp-m1_firmwareucs-e140dpc480_m5ucs-e180d-m2_firmwareencs_5400c220_m6_firmwareucs-e180d-m3c240_m5_firmwareucs_s3260c220_m5_firmwareucs-e160ducs-e140s-m1ucs-e1120d-m3c240_m6_firmwareucs-e160d_firmwareucs-e160dp-m1ucs_s3260_firmwarec480_m5_firmwareucs-e140sc240_m6c220_m6c240_m5ucs-e1120d-m3_firmwarec480_ml_m5integrated_management_controllerucs-e140d_firmwareucs-e140s_firmwareencs_5400_firmwareucs-e180d-m2encs_5100_firmwarec125_m5ucs-e140s-m2c225_m6c245_m6_firmwareucs_managerc245_m6c480_ml_m5_firmwareucs-e160s-m3_firmwareucs-e160s-m3c220_m5encs_5100c125_m5_firmwareucs-e180d-m3_firmwareucs-e140s-m2_firmwareucs-e140s-m1_firmwareCisco Unified Computing System (Standalone)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-3578
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:40
Updated-13 Nov, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-3155
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.25% / 48.10%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 18:40
Updated-15 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabbermeetingtelepresence_codec_c90intelligence_proximitytelepresence_codec_c90_firmwarewebex_teamstelepresence_codec_c60telepresence_codec_c40telepresence_codec_c60_firmwaretelepresence_codec_c40_firmwarewebex_meetingsCisco Jabber IM for Android
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-3178
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:35
Updated-15 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Content Security Management Appliance Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-content_security_management_applianceCisco Content Security Management Appliance (SMA)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found