VYPR
Unrated severity · NVD Advisory · Published Apr 23, 2015 · Updated May 6, 2026

CVE-2015-0706

Description

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco FireSIGHT Management Center before 5.4.0 contains an open redirect via crafted HTTP header, enabling phishing attacks.

Vulnerability

Cisco FireSIGHT System Software versions 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center contain an open redirect vulnerability. The flaw exists in the handling of HTTP headers, allowing a remote attacker to redirect users to arbitrary external web sites by injecting a crafted header. This occurs without requiring any special configuration or additional privileges on the target system [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP header to the vulnerable FireSIGHT Management Center. The attack does not require authentication, as the vulnerable service is accessible remotely. The attacker simply constructs a malicious link containing the offending header, and if a victim follows the link, the server will redirect the victim to the attacker-controlled site [1].

Impact

Successful exploitation enables an attacker to redirect users to arbitrary external websites. This can be used to conduct phishing attacks by presenting victims with spoofed pages that mimic legitimate interfaces, potentially stealing credentials or other sensitive information. The vulnerability does not compromise the FireSIGHT Management Center itself beyond the redirect behavior [1].

Mitigation

Cisco has not released a fixed version in the available references. However, as of the publication date (2015-04-23), users are advised to upgrade to a version beyond 5.3.1.2 or to the latest supported release. More recent versions of FireSIGHT System Software (e.g., 5.4.0 and later) should not be affected. Cisco's advisory [1] does not list this CVE in the KEV catalog, and no workaround is provided in the reference.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

Patches

0

No patches discovered yet.

References

1
