CVE-2020-3178 is a vulnerability in Cisco Content Security Management Appliance
Published on May 6, 2020

Cisco Content Security Management Appliance Open Redirect Vulnerabilities
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.


Weakness Type

What is an Open Redirect Vulnerability?

A web application accepts user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks. An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

CVE-2020-3178 has been classified as an Open Redirect vulnerability or weakness.
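The input validation that this weakness class lacks can be sketched as follows. This is an added example, not Cisco's code or anything from the advisory; the host name `sma.example.com`, the function name `safe_redirect_target` and the default target are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only host this application may redirect to (constructed value).
ALLOWED_HOSTS = {"sma.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return value if it is a same-site path or an allow-listed https URL, else default."""
    # Browsers drop tabs/newlines and treat "\" like "/", so a parser and a
    # browser can disagree about the host. Reject such input outright.
    if not value or any(ord(c) < 0x21 or c == "\\" for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single leading "/" only, because
        # "//host/path" is scheme-relative and leaves the site.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    if parts.scheme != "https":
        # Covers http:, javascript:, data: and scheme-relative "//host".
        return default
    # .hostname excludes userinfo and port, so "https://good@evil/" yields "evil".
    return value if parts.hostname in allowed_hosts else default
```

The caller passes the raw redirect parameter through this function and redirects only to the returned value, so a rejected target falls back to the site's own landing page instead of an external URL.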



Affected Versions

Cisco Content Security Management Appliance (SMA) Version n/a is affected by CVE-2020-3178

Exploit Probability

EPSS: 0.25%
Percentile: 47.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.