CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3840
https://notcve.org/view.php?id=CVE-2017-3840
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa, también conocido como una Open Redirect Vulnerability. Más Información: CSCvc04849. • http://www.securityfocus.com/bid/96238 http://www.securitytracker.com/id/1037837 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3839
https://notcve.org/view.php?id=CVE-2017-3839
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). Una vulnerabilidad XML External Entity en la interfaz de usuario basada en web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado tener acceso de lectura a parte de la información almacenada en el sistema afectado. Más Información: CSCvc04845. • http://www.securityfocus.com/bid/96236 http://www.securitytracker.com/id/1037836 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1 • CWE-611: Improper Restriction of XML External Entity Reference •