Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability
Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance on VMware ESXi allows an unauthenticated, remote attacker to redirect users to malicious web pages. The cause is improper input validation of HTTP request parameters: an attacker who intercepts and modifies a request can trigger the redirection.
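The kind of input validation whose absence produces an open redirect can be shown with a short Python function that checks a redirect target before it is placed in a Location header. This is an added example, not Cisco's code and not taken from the advisory; the function name, the host allowlist, the fallback path and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the application may redirect to (constructed value).
ALLOWED_HOSTS = {"mgmt.example.com"}
FALLBACK = "/"  # where to send the user when the requested target is rejected


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return target if it is safe to use as a redirect destination, else FALLBACK."""
    if not target or len(target) > 2048:
        return FALLBACK
    # Control characters and whitespace enable header injection and parser
    # disagreement; browsers also treat a backslash like a forward slash.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target) or "\\" in target:
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host/path" is scheme-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK
    # Absolute URL: https only, no userinfo, exact match against the allowlist.
    if parts.scheme != "https":
        return FALLBACK
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    return target if host in allowed_hosts else FALLBACK


if __name__ == "__main__":
    # Constructed sample values for a hypothetical redirect parameter.
    for sample in ["/dashboard?tab=1", "//other.example/login",
                   "https://mgmt.example.com@other.example/",
                   "https://mgmt.example.com/home"]:
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

The comparison is an exact host match after parsing, never a prefix or substring test on the raw string, which is what lets look-alike hosts and userinfo tricks through.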
Impact
Exploitation of this vulnerability could lead to unauthorized redirection of users to malicious websites, potentially causing harm depending on the nature of the malicious site.
Remediation
Users are advised to upgrade to Cisco Catalyst Center version 2.3.7.10-VA or later. This vulnerability does not apply to version 3.1. Instructions for obtaining the update can be found on the Cisco Support and Downloads page.
