CVE-2017-3810 — MEDIUM (5.4)

Vulnerability Description

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Prime Service Catalog	10.0\(r2\)_base

Related Weaknesses (CWE)

CWE-601

References

http://www.securityfocus.com/bid/95947Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037772
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/95947Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037772
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-3810?

CVE-2017-3810 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected sy...

How severe is CVE-2017-3810?

CVE-2017-3810 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3810?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Prime Service Catalog.