Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-20369

MEDIUM
Published 2024-05-15T17:23:34.938Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-20369. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
4.7
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.006
probability
of exploitation in the wild

There is a 0.6% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.670
Higher than 67.0% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
NONE
Integrity
LOW
Availability
NONE

Description

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Cisco

Cisco Network Services Orchestrator

Affected Versions:

5.4 5.5 5.6 5.7 5.8 5.1.1.1 5.1.1.3 5.1.2 5.2.0.4 5.2.1 5.2.1.1 5.2.3.2 5.3.1 5.3.4.3 5.4.0.1 5.4.1 5.4.1.1 5.4.2 5.4.3.1 5.4.4.1 5.4.4 5.4.4.3 5.4.3.3 5.4.5.1 5.4.5.2 5.4.5 5.4.6 5.4.7 5.4.7.1 5.5.1 5.5.2 5.5.2.1 5.5.2.3 5.5.2.4 5.5.2.9 5.5.2.10 5.5.3 5.5.2.7 5.5.2.12 5.5.4.1 5.5.3.1 5.5.5 5.5.6 5.5.7 5.5.8 5.6.1 5.6.3 5.6.2 5.6.5 5.6.6 5.6.6.1 5.6.7 5.6.7.1 5.6.8 5.6.8.1 5.6.11 5.6.13 5.6.14 5.6.14.1 5.7.1.1 5.7.1 5.7.2 5.7.2.1 5.7.3 5.7.4 5.7.5 5.7.5.1 5.7.6 5.7.6.2 5.7.8 5.7.10 5.7.10.2 5.7.11 5.7.13 5.7.14 5.7.9 5.7.9.1 5.8.1 5.8.2 5.8.2.1 5.8.5 5.8.10 5.8.11 5.8.9 6.1 6.2 6.0.1.1 6.0.10 6.0.5 6.0.8 6.1.2.1 6.1.5 6.1.6

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-g96r-v5qq-9qch

Advisory Details

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-20369
WEB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO

Advisory provided by GitHub Security Advisory Database. Published: May 15, 2024, Modified: May 15, 2024

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-ordir-MNM8YqzO
Published: 2024-05-15T17:23:34.938Z
Last Modified: 2024-08-01T21:59:42.814Z
Copied to clipboard!