ID

VAR-202105-0442


CVE

CVE-2021-1358


TITLE

Cisco Finesse open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007181

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites. Cisco Finesse contains an open redirect vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco Finesse is a set of call center management software developed by Cisco.

Trust: 2.34

sources: NVD: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374412 // VULMON: CVE-2021-1358

AFFECTED PRODUCTS

vendor: cisco, model: finesse, scope: lte, version: 12.6(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco finesse, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco finesse, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007181 // NVD: CVE-2021-1358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1358
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1358
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1358
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1269
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374412
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1358
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374412
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1358
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1358
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1358
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374412 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358 // NVD: CVE-2021-1358

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.1

problemtype:Open redirect (CWE-601) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374412 // JVNDB: JVNDB-2021-007181 // NVD: CVE-2021-1358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1269

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-finesse-opn-rdrct-epDeh7R
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-opn-rdrct-epDeh7R

Trust: 0.8

title: Cisco Finesse Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151159

Trust: 0.6

title: Cisco: Cisco Finesse Open Redirect Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-finesse-opn-rdrct-epDeh7R

Trust: 0.1

sources: VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202105-1269

EXTERNAL IDS

db: NVD, id: CVE-2021-1358

Trust: 3.4

db: JVNDB, id: JVNDB-2021-007181

Trust: 0.8

db: CNNVD, id: CNNVD-202105-1269

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021052011

Trust: 0.6

db: AUSCERT, id: ESB-2021.1746

Trust: 0.6

db: VULHUB, id: VHN-374412

Trust: 0.1

db: VULMON, id: CVE-2021-1358

Trust: 0.1

sources: VULHUB: VHN-374412 // VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-finesse-opn-rdrct-epdeh7r

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1358

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-ccx-open-redirect-via-finesse-35488

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052011

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1746

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374412 // VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358

SOURCES

db: VULHUB, id: VHN-374412
db: VULMON, id: CVE-2021-1358
db: JVNDB, id: JVNDB-2021-007181
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1269
db: NVD, id: CVE-2021-1358

LAST UPDATE DATE

2024-08-14T12:20:56.840000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374412, date: 2021-05-27T00:00:00
db: VULMON, id: CVE-2021-1358, date: 2021-05-22T00:00:00
db: JVNDB, id: JVNDB-2021-007181, date: 2022-02-03T08:31:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1269, date: 2021-05-28T00:00:00
db: NVD, id: CVE-2021-1358, date: 2023-11-07T03:28:05.180

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374412, date: 2021-05-22T00:00:00
db: VULMON, id: CVE-2021-1358, date: 2021-05-22T00:00:00
db: JVNDB, id: JVNDB-2021-007181, date: 2022-02-03T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1269, date: 2021-05-19T00:00:00
db: NVD, id: CVE-2021-1358, date: 2021-05-22T07:15:07.250