PT-2015-6861 · Novius · Novius Os

Hyp3Rlinx +1 · Published 2015-07-01 · Updated 2019-03-13 · CVE-2015-5354

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Novius OS version 5.0.1

Description

The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the redirect parameter to the "admin/nos/login" API endpoint.

Recommendations

For Novius OS version 5.0.1, consider restricting access to the admin/nos/login endpoint until a patch is available, and avoid using the redirect parameter in this endpoint to minimize the risk of exploitation.
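
An added example for reviewing exposure (not part of the advisory or of Novius OS): it scans web server access-log lines for requests to admin/nos/login whose redirect parameter points off-site. The log lines, the hostname cms.example and the assumption that the endpoint is served from the web root are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "cms.example"        # assumption: the site's own hostname
LOGIN_PATH = "/admin/nos/login"  # advisory endpoint, assumed served from the web root
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (common log format), not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jul/2015:10:00:01 +0000] "GET /admin/nos/login?redirect=admin/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2015:10:00:05 +0000] "GET /admin/nos/login?redirect=http%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jul/2015:10:00:09 +0000] "GET /admin/nos/login?redirect=%2F%2Fphish.example%2Fa HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/Jul/2015:10:01:00 +0000] "GET /admin/nos/login?redirect=https%3A%2F%2Fcms.example%2Fadmin%2F HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/Jul/2015:10:01:30 +0000] "GET /news?redirect=http%3A%2F%2Fphish.example%2F HTTP/1.1" 200 900',
]

def offsite_target(value, site_host=SITE_HOST):
    """Return the normalised redirect target if it leaves site_host, else None."""
    # Browsers ignore surrounding whitespace and treat "\" like "/".
    cleaned = value.strip(" \t\r\n\x00").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return cleaned                 # unparsable target: report for review
    if parts.scheme and parts.scheme not in ("http", "https"):
        return cleaned                 # non-web scheme, e.g. javascript:
    if parts.netloc:                   # absolute or scheme-relative (//host) URL
        host = (parts.hostname or "").lower()
        return None if host == site_host else cleaned
    return None                        # relative path stays on the site

def scan(lines, site_host=SITE_HOST):
    """Return (client_ip, target) for login requests redirecting off-site."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != LOGIN_PATH:
            continue
        for value in parse_qs(url.query).get("redirect", []):
            target = offsite_target(value, site_host)
            if target:
                hits.append((line.split()[0], target))
    return hits

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"{ip} -> {target}")
```

The same `offsite_target` check can back a reverse-proxy or WAF rule that rejects such requests while the endpoint remains unpatched.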

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2015-5354

Affected Products

Novius Os