CVE-2023-37624

Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/benjaminpsinclair/Netdisco-2023-Advisory	Exploit
https://github.com/benjaminpsinclair/Netdisco-CVE	Exploit
https://github.com/netdisco/netdisco/commit/a2da6a7a046c1c0fd41072dd6991eec7614293f8	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:netdisco:netdisco:*:*:*:*:*:*:*:*

History

02 Aug 2023, 00:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CPE		cpe:2.3:a:netdisco:netdisco::::::::
CWE		CWE-601
References	~~(MISC) https://github.com/netdisco/netdisco/commit/a2da6a7a046c1c0fd41072dd6991eec7614293f8 -~~	(MISC) https://github.com/netdisco/netdisco/commit/a2da6a7a046c1c0fd41072dd6991eec7614293f8 - Patch
References	~~(MISC) https://github.com/benjaminpsinclair/Netdisco-CVE -~~	(MISC) https://github.com/benjaminpsinclair/Netdisco-CVE - Exploit
References	~~(MISC) https://github.com/benjaminpsinclair/Netdisco-2023-Advisory -~~	(MISC) https://github.com/benjaminpsinclair/Netdisco-2023-Advisory - Exploit

26 Jul 2023, 21:40

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-26 20:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-37624

Mitre link : CVE-2023-37624

CVE.ORG link : CVE-2023-37624

JSON object : View

Products Affected

netdisco

netdisco

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10