Vulnslist

find the latest Cisco vulnerabilities

Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability

cisco-sa-nso-ordir-MNM8YqzO · Medium · Published · Updated

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2024-20369
Cisco Bug IDsCSCwi31723
CVSS ScoreBase 4.7
Base 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Network Services Orchestrator

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Network Services Orchestrator known_affected cisco_csaf CVE-2024-20369 1

Related Products

Product CVE Evidence
Cisco Crosswork Planning CVE-2024-20369 Cisco OpenVuln
Cisco Network Services Orchestrator CVE-2024-20369 Cisco OpenVuln