Vulnerability CVE-2019-1943


Published: 2019-07-17   Modified: 2019-07-18

Description:
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

In our database, we found the following notes for this CVE:

Title | Author | Date
Med. CISCO Small Business 200 / 300 / 500 Switches Multiple Vulnerabilities | Ramikan | 15.07.2019

Type: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Overall CVSS score: 5.8/10
Impact: 4.9/10
Exploitability: 8.6/10

Required access: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software
Cisco -> Sf302-08mpp firmware 
Cisco -> Sg200-50p firmware 
Cisco -> Sg500-28mpp firmware 
Cisco -> Sf200-24 firmware 
Cisco -> Sf302-08p firmware 
Cisco -> Sg300-10 firmware 
Cisco -> Sg500-28p firmware 
Cisco -> Sf200-24fp firmware 
Cisco -> Sf302-08pp firmware 
Cisco -> Sg300-10mp firmware 
Cisco -> Sg500-52 firmware 
Cisco -> Sf200-24p firmware 
Cisco -> Sf500-24 firmware 
Cisco -> Sg300-10mpp firmware 
Cisco -> Sg500-52mp firmware 
Cisco -> Sf200-48 firmware 
Cisco -> Sf500-24p firmware 
Cisco -> Sg300-10p firmware 
Cisco -> Sg500-52p firmware 
Cisco -> Sf200-48p firmware 
Cisco -> Sf500-48 firmware 
Cisco -> Sg300-10pp firmware 
Cisco -> Sg500x-24 firmware 
Cisco -> Sf300-08 firmware 
Cisco -> Sf500-48p firmware 
Cisco -> Sg300-10sfp firmware 
Cisco -> Sg500x-24p firmware 
Cisco -> Sf300-24 firmware 
Cisco -> Sg200-08 firmware 
Cisco -> Sg300-20 firmware 
Cisco -> Sg500x-48 firmware 
Cisco -> Sf300-24mp firmware 
Cisco -> Sg200-08p firmware 
Cisco -> Sg300-28 firmware 
Cisco -> Sg500x-48p firmware 
Cisco -> Sf300-24p firmware 
Cisco -> Sg200-10fp firmware 
Cisco -> Sg300-28mp firmware 
Cisco -> Sg500xg-8f8t firmware 
Cisco -> Sf300-24pp firmware 
Cisco -> Sg200-18 firmware 
Cisco -> Sg300-28p firmware 
Cisco -> Sf300-48 firmware 
Cisco -> Sg200-26 firmware 
Cisco -> Sg300-28pp firmware 
Cisco -> Sf300-48p firmware 
Cisco -> Sg200-26fp firmware 
Cisco -> Sg300-52 firmware 
Cisco -> Sf300-48pp firmware 
Cisco -> Sg200-26p firmware 
Cisco -> Sg300-52mp firmware 
Cisco -> Sf302-08 firmware 
Cisco -> Sg200-50 firmware 
Cisco -> Sg300-52p firmware 
Cisco -> Sf302-08mp firmware 
Cisco -> Sg200-50fp firmware 
Cisco -> Sg500-28 firmware 

References:
http://www.securityfocus.com/bid/109288
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
