CVE-2024-20369

Summary

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Network Services Orchestrator5.4affected
CiscoCisco Network Services Orchestrator5.5affected
CiscoCisco Network Services Orchestrator5.6affected
CiscoCisco Network Services Orchestrator5.7affected
CiscoCisco Network Services Orchestrator5.8affected
CiscoCisco Network Services Orchestrator5.1.1.1affected
CiscoCisco Network Services Orchestrator5.1.1.3affected
CiscoCisco Network Services Orchestrator5.1.2affected
CiscoCisco Network Services Orchestrator5.2.0.4affected
CiscoCisco Network Services Orchestrator5.2.1affected
CiscoCisco Network Services Orchestrator5.2.1.1affected
CiscoCisco Network Services Orchestrator5.2.3.2affected
CiscoCisco Network Services Orchestrator5.3.1affected
CiscoCisco Network Services Orchestrator5.3.4.3affected
CiscoCisco Network Services Orchestrator5.4.0.1affected
CiscoCisco Network Services Orchestrator5.4.1affected
CiscoCisco Network Services Orchestrator5.4.1.1affected
CiscoCisco Network Services Orchestrator5.4.2affected
CiscoCisco Network Services Orchestrator5.4.3.1affected
CiscoCisco Network Services Orchestrator5.4.4.1affected
CiscoCisco Network Services Orchestrator5.4.4affected
CiscoCisco Network Services Orchestrator5.4.4.3affected
CiscoCisco Network Services Orchestrator5.4.3.3affected
CiscoCisco Network Services Orchestrator5.4.5.1affected
CiscoCisco Network Services Orchestrator5.4.5.2affected
CiscoCisco Network Services Orchestrator5.4.5affected
CiscoCisco Network Services Orchestrator5.4.6affected
CiscoCisco Network Services Orchestrator5.4.7affected
CiscoCisco Network Services Orchestrator5.4.7.1affected
CiscoCisco Network Services Orchestrator5.5.1affected
CiscoCisco Network Services Orchestrator5.5.2affected
CiscoCisco Network Services Orchestrator5.5.2.1affected
CiscoCisco Network Services Orchestrator5.5.2.3affected
CiscoCisco Network Services Orchestrator5.5.2.4affected
CiscoCisco Network Services Orchestrator5.5.2.9affected
CiscoCisco Network Services Orchestrator5.5.2.10affected
CiscoCisco Network Services Orchestrator5.5.3affected
CiscoCisco Network Services Orchestrator5.5.2.7affected
CiscoCisco Network Services Orchestrator5.5.2.12affected
CiscoCisco Network Services Orchestrator5.5.4.1affected
CiscoCisco Network Services Orchestrator5.5.3.1affected
CiscoCisco Network Services Orchestrator5.5.5affected
CiscoCisco Network Services Orchestrator5.5.6affected
CiscoCisco Network Services Orchestrator5.5.7affected
CiscoCisco Network Services Orchestrator5.5.8affected
CiscoCisco Network Services Orchestrator5.6.1affected
CiscoCisco Network Services Orchestrator5.6.3affected
CiscoCisco Network Services Orchestrator5.6.2affected
CiscoCisco Network Services Orchestrator5.6.5affected
CiscoCisco Network Services Orchestrator5.6.6affected
CiscoCisco Network Services Orchestrator5.6.6.1affected
CiscoCisco Network Services Orchestrator5.6.7affected
CiscoCisco Network Services Orchestrator5.6.7.1affected
CiscoCisco Network Services Orchestrator5.6.8affected
CiscoCisco Network Services Orchestrator5.6.8.1affected
CiscoCisco Network Services Orchestrator5.6.11affected
CiscoCisco Network Services Orchestrator5.6.13affected
CiscoCisco Network Services Orchestrator5.6.14affected
CiscoCisco Network Services Orchestrator5.6.14.1affected
CiscoCisco Network Services Orchestrator5.7.1.1affected
CiscoCisco Network Services Orchestrator5.7.1affected
CiscoCisco Network Services Orchestrator5.7.2affected
CiscoCisco Network Services Orchestrator5.7.2.1affected
CiscoCisco Network Services Orchestrator5.7.3affected
CiscoCisco Network Services Orchestrator5.7.4affected
CiscoCisco Network Services Orchestrator5.7.5affected
CiscoCisco Network Services Orchestrator5.7.5.1affected
CiscoCisco Network Services Orchestrator5.7.6affected
CiscoCisco Network Services Orchestrator5.7.6.2affected
CiscoCisco Network Services Orchestrator5.7.8affected
CiscoCisco Network Services Orchestrator5.7.10affected
CiscoCisco Network Services Orchestrator5.7.10.2affected
CiscoCisco Network Services Orchestrator5.7.11affected
CiscoCisco Network Services Orchestrator5.7.13affected
CiscoCisco Network Services Orchestrator5.7.14affected
CiscoCisco Network Services Orchestrator5.7.9affected
CiscoCisco Network Services Orchestrator5.7.9.1affected
CiscoCisco Network Services Orchestrator5.8.1affected
CiscoCisco Network Services Orchestrator5.8.2affected
CiscoCisco Network Services Orchestrator5.8.2.1affected
CiscoCisco Network Services Orchestrator5.8.5affected
CiscoCisco Network Services Orchestrator5.8.10affected
CiscoCisco Network Services Orchestrator5.8.11affected
CiscoCisco Network Services Orchestrator5.8.9affected
CiscoCisco Network Services Orchestrator6.1affected
CiscoCisco Network Services Orchestrator6.2affected
CiscoCisco Network Services Orchestrator6.0.1.1affected
CiscoCisco Network Services Orchestrator6.0.10affected
CiscoCisco Network Services Orchestrator6.0.5affected
CiscoCisco Network Services Orchestrator6.0.8affected
CiscoCisco Network Services Orchestrator6.1.2.1affected
CiscoCisco Network Services Orchestrator6.1.5affected
CiscoCisco Network Services Orchestrator6.1.6affected

Weaknesses

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References