SynopsisThe remote device is missing a vendor-supplied security patch
DescriptionAccording to its self-reported version, Cisco Content Security Management Appliance (SMA) is affected by multiple vulnerabilities in the web-based GUI due to improper input validation of the parameters of an HTTP request. An unauthenticated, remote attacker can exploit these, by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL, in order to redirect the user to a malicious web page or to obtain sensitive browser-based information.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
SolutionUpgrade to the relevant fixed version referenced in Cisco bug IDs CSCvq83107, CSCvr82721