CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3840
https://notcve.org/view.php?id=CVE-2017-3840
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa, también conocido como una Open Redirect Vulnerability. Más Información: CSCvc04849. • http://www.securityfocus.com/bid/96238 http://www.securitytracker.com/id/1037837 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3838
https://notcve.org/view.php?id=CVE-2017-3838
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS basado en DOM contra el usuario de la interfaz web del sistema afectado. Más Información: CSCvc04838. • http://www.securityfocus.com/bid/96234 http://www.securitytracker.com/id/1037835 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •