First published: Wed Oct 21 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Management Center | >=6.2.0<=6.2.3.16 | |
Cisco Firepower Management Center | >=6.3.0<=6.3.0.5 | |
Cisco Firepower Management Center | >=6.4.0<=6.4.0.9 | |
Cisco Firepower Management Center | >=6.5.0<=6.5.0.4 | |
Cisco Secure Firewall Management Center | >=6.2.0<=6.2.3.16 | |
Cisco Secure Firewall Management Center | >=6.3.0<=6.3.0.5 | |
Cisco Secure Firewall Management Center | >=6.4.0<=6.4.0.9 | |
Cisco Secure Firewall Management Center | >=6.5.0<=6.5.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.