The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link: http://ift.tt/2k06SMp
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the Cisco WebEx URL. An exploit could allow the attacker to redirect a user to a malicious website.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link: http://ift.tt/2k06SMp
Security Impact Rating: Medium
CVE: CVE-2017-3799
from Cisco Security Advisory http://ift.tt/2k06SMp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.