Cisco Bug: CSCvs93296 - Cisco Umbrella Open Redirect Vulnerability

Last Modified

Jun 17, 2020

Products (1)

  • Cisco Umbrella

Known Affected Releases

ALL

Description (partial)

Symptom:
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.

The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-open-redire-UgK9dWK4
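
The weakness class described above, a redirect target taken from a URL parameter without validation, is normally closed by checking the target on the server before the redirect is issued. The following Python example is added for illustration and is not Cisco's code or fix; the allowed host names, the fallback path and the function name `safe_redirect_target` are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts this hypothetical application is allowed to redirect to.
ALLOWED_HOSTS = frozenset({"app.example.com", "login.example.com"})
FALLBACK = "/"  # assumption: safe landing page when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an https URL on an allowed
    host; otherwise return fallback."""
    # Browsers strip or normalise whitespace, control characters and
    # backslashes, so a value containing them can parse differently
    # on the client than it does here. Reject outright.
    if not raw or any(ord(c) < 0x21 or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host, port = parts.hostname, parts.port  # .port raises on bad ports
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host" and "///host" are treated as off-site by browsers.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute URL: https only, no userinfo ("allowed@other-host" trick),
    # default port only, and an exact host match (no suffix matching).
    if parts.scheme != "https":
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    if port not in (None, 443):
        return fallback
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample parameter values, not taken from the advisory.
    samples = [
        "/dashboard?tab=1",
        "https://app.example.com/home",
        "//other.example.net/x",
        "https://app.example.com@other.example.net/",
        "https://app.example.com.other.example.net/",
        "javascript:void(0)",
    ]
    for value in samples:
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```

Logging each rejected value together with the request's source gives operations a signal that someone is probing the redirect parameter.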

Conditions:
At the time of publication, this vulnerability affected Cisco Umbrella, which is cloud based.

Cisco plans to address this vulnerability in Cisco Umbrella, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
