Vulnerability Details : CVE-2015-0624
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
Vulnerability category: Input validation
Products affected by CVE-2015-0624
- cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0624
- 0.18%: Probability of exploitation activity in the next 30 days
- ~ 54 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0624
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-0624
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0624
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
  Cisco AsyncOS Software HTTP Redirect Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1031781
  Cisco Email Security Appliance Lets Remote Users Conduct URL Redirection Attacks - SecurityTracker
- http://www.securitytracker.com/id/1031782
  Cisco Web Security Appliance Lets Remote Users Conduct URL Redirection Attacks - SecurityTracker
- http://www.securityfocus.com/bid/72702
  Cisco AsyncOS Software CVE-2015-0624 Open Redirection Vulnerability
- http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html
  Cisco Ironport AsyncOS HTTP Header Injection ≈ Packet Storm (Exploit)