VDB
CVE-2021-34772
CVE-2021-34772
PUBLISHED
CVSS 4.699999809265137 MEDIUM
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.
EPSS 0.33% · 56.2th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.33%
56.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | orbital | |
| Cisco | Cisco Orbital | n/a |
Exploit Intelligence
Timeline
- Oct 6, 2021 CVE Published
- Oct 7, 2021 EPSS Score
- Dec 3, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 28, 2022 EPSS Score
- Mar 26, 2022 EPSS Score
- May 22, 2022 EPSS Score
- Jul 19, 2022 EPSS Score
- Sep 13, 2022 EPSS Score
- Nov 9, 2022 EPSS Score
- Jan 5, 2023 EPSS Score
- Mar 3, 2023 EPSS Score
References
- 20211006 Cisco Orbital Open Redirect Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-34772 advisory