CVE-2018-15403 (CNNVD-201810-194)
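Chinese title:
Security Vulnerability in Multiple Cisco Products
English title:
Multiple Cisco Unified Communications Products Open Redirect Vulnerability
Vulnerability description
Chinese description:
Cisco Emergency Responder and the other products named here are all products of Cisco, a US company. Cisco Emergency Responder is emergency-calling software for IP communications systems. Finesse is a next-generation customer collaboration service solution. The web interface of multiple Cisco products contains an open redirect vulnerability, which stems from the program not correctly performing input validation on the parameters of an HTTP request. A remote attacker can exploit the vulnerability by sending a crafted HTTP request to redirect users to a malicious web page. The following products are affected: Cisco Emergency Responder; Unified Communications Manager; Unified Communications Manager IM & Presence Service; Unity Connection.
English description: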
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Emergency Responder | n/a | - | - | cpe:2.3:a:cisco:cisco_emergency_responder:n_a:*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 10.5\(2.10000.5\) | - | - | cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 11.0\(1.10000.10\) | - | - | cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 11.5\(1.10000.6\) | - | - | cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager | 12.0\(1.10000.10\) | - | - | cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:* |
| cisco | unity_connection | 9.1\(1\)es23 | - | - | cpe:2.3:a:cisco:unity_connection:9.1\(1\)es23:*:*:*:*:*:*:* |
| cisco | unified_communications_manager_im_and_presence_service | 10.5\(1\) | - | - | cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager_im_and_presence_service | 10.5\(2\) | - | - | cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager_im_and_presence_service | 12.0\(1\) | - | - | cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.0\(1\):*:*:*:*:*:*:* |
| cisco | unified_communications_manager_im_and_presence_service | 12.5\(1\) | - | - | cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:* |
| cisco | emergency_responder | 11.5\(4.59000.1\) | - | - | cpe:2.3:a:cisco:emergency_responder:11.5\(4.59000.1\):*:*:*:*:*:*:* |
| cisco | emergency_responder | 12.0\(1.40000.3\) | - | - | cpe:2.3:a:cisco:emergency_responder:12.0\(1.40000.3\):*:*:*:*:*:*:* |
| cisco | emergency_responder | 12.5\(0.98000.110\) | - | - | cpe:2.3:a:cisco:emergency_responder:12.5\(0.98000.110\):*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Workaround:
CVSS score details
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2018-15403 | 2025-11-11 15:19:41 | 2025-11-11 07:35:07 |
| NVD | nvd_CVE-2018-15403 | 2025-11-11 14:55:59 | 2025-11-11 07:43:41 |
| CNNVD | cnnvd_CNNVD-201810-194 | 2025-11-11 15:10:05 | 2025-11-11 07:54:04 |
Version and language
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> input validation error
- cnnvd_id: not extracted -> CNNVD-201810-194
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- cvss_score: not extracted -> 5.4
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 13
- data_sources: ['cve'] -> ['cve', 'nvd']