Cisco Bug: CSCvs93296 - Cisco Umbrella Open Redirect Vulnerability
Jun 17, 2020
- Cisco Umbrella
Known Affected Releases
Symptom: A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-open-redire-UgK9dWK4

Conditions: At the time of publication, this vulnerability affected Cisco Umbrella, which is cloud based. Cisco plans to address this vulnerability in Cisco Umbrella, which is cloud based. No user action is required. Customers can determine the current remediation status or software version by using the Help function in the service GUI.
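The advisory attributes the flaw to improper validation of URL parameters that drive a redirect. The following is an added illustration of the input validation that closes this class of bug; it is not Cisco's code, and the function name, host allowlist, fallback path and sample values are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist and fallback; a real service would supply its own.
ALLOWED_HOSTS = frozenset({"app.example.com", "login.example.com"})
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target only if it is a same-site path or an allowlisted https URL."""
    if not target or target != target.strip():
        return fallback
    # Control characters and backslashes are normalised differently by
    # browsers and server-side parsers ("/\host" can leave the site).
    if "\\" in target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host/path" is protocol-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme != "https":
        return fallback  # rejects http:, javascript:, data:, and "//host"
    if parts.username is not None or parts.password is not None:
        return fallback  # "https://trusted@other-host/" style confusion
    # Exact host match: suffix or substring checks accept look-alike hosts.
    if (parts.hostname or "").lower() in allowed_hosts:
        return target
    return fallback


# Constructed sample parameter values, not taken from the advisory.
SAMPLES = [
    "/dashboard?tab=1",
    "https://login.example.com/sso",
    "//other.example.net/",
    "https://app.example.com@other.example.net/",
    "https://app.example.com.other.example.net/",
    "/\\other.example.net",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```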