CVE-2022-20634

Name of the Vulnerable Software and Affected Versions Cisco ECE (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this by persuading a user to click a crafted link, allowing the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of issue is known as an open redirect and is used in phishing attacks.

Recommendations For all affected versions, update to the latest software version released by Cisco, as it addresses this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface until the issue is resolved with a software update.