Alta Aware — 1586: open redirect vulnerability in Ava Cloud SSO login

Release Date

31st of July 2024.

Overview

An Open Redirect (CWE-601) vulnerability has been identified in the Ava Cloud Single Sign-On (SSO) login system, due to insufficient validation of the path parameter. The flaw allows attackers to manipulate the Location header in the server response, directing users to arbitrary external domains.

Affected Products

• Ava Cloud: before 23th May 2024.

Unaffected Products

• Ava Aware: all versions.
• Ava Cameras: all versions.
• Ava Cloud: from 23th May 2024

Resolution

A fix was deployed to the Ava Cloud on 23th May 2024. Ava Cloud customers do not need to take any additional action.

Vulnerability Information

• CVSSv3 score: 6.1 (Medium)
• CVSSv3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Mitigations

There are no known mitigations for this issue.

Work arounds

There are no known work arounds for this issue.

Acknowledgements

Issue found internally by Ava Security.

Disclosure Timeline

• 09/05/2024 Issue found internally by Ava Security
• 17/05/2024 Root cause established
• 21/05/2024 Fix identified
• 23/05/2024 Patched Ava Cloud released
• 25/05/2024 Vulnerability publicly disclosed