VDB

CVE-2024-20369

CVE-2024-20369 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

EPSS 0.22% · 44.8th percentile

Risk Scores

CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.22%
44.8th percentile

Affected Products

VendorProductVersions
CiscoCisco Network Services Orchestrator6.1.6, 5.7.4, 5.7.5
cisconetwork_services_orchestrator5.6, 5.7, 5.8

Exploit Intelligence

Timeline

  • May 15, 2024 CVE Published
  • May 16, 2024 EPSS Score
  • Jun 10, 2024 EPSS Score
  • Jul 4, 2024 EPSS Score
  • Jul 28, 2024 EPSS Score
  • Aug 1, 2024 CVE Updated
  • Aug 20, 2024 EPSS Score
  • Sep 13, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 7, 2024 EPSS Score
  • Oct 16, 2024 Coalition ESS Score
  • Oct 31, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›