CVE-2024-28344

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/	Exploit Third Party Advisory
https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sipwise:next_generation_communication_platform:*:*:*:*:-:*:*:*

History

17 Jun 2025, 17:34

Type	Values Removed	Values Added
References	~~() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ -~~	() https://securitycafe.ro/2024/03/21/cve-2024-28344-cve-2024-28345-in-sipwise-c5/ - Exploit, Third Party Advisory
CPE		cpe:2.3:a:sipwise:next_generation_communication_platform:::::-:::*
First Time		Sipwise Sipwise next Generation Communication Platform

Information

Published : 2024-04-10 19:15

Updated : 2025-06-17 17:34

NVD link : CVE-2024-28344

Mitre link : CVE-2024-28344

CVE.ORG link : CVE-2024-28344

JSON object : View

Products Affected

sipwise

next_generation_communication_platform

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

3.1 /10