Vulnerability CVE-2019-1943


Published: 2019-07-17

Description:
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

See advisories in our WLB2 database:
Topic: [Med.] CISCO Small Business 200 / 300 / 500 Switches Multiple Vulnerabilities
Author: Ramikan
Date: 15.07.2019

Type: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software
Cisco -> Sf200-24 firmware 
Cisco -> Sf302-08p firmware 
Cisco -> Sg300-10 firmware 
Cisco -> Sg500-28p firmware 
Cisco -> Sf200-24fp firmware 
Cisco -> Sf302-08pp firmware 
Cisco -> Sg300-10mp firmware 
Cisco -> Sg500-52 firmware 
Cisco -> Sf200-24p firmware 
Cisco -> Sf500-24 firmware 
Cisco -> Sg300-10mpp firmware 
Cisco -> Sg500-52mp firmware 
Cisco -> Sf200-48 firmware 
Cisco -> Sf500-24p firmware 
Cisco -> Sg300-10p firmware 
Cisco -> Sg500-52p firmware 
Cisco -> Sf200-48p firmware 
Cisco -> Sf500-48 firmware 
Cisco -> Sg300-10pp firmware 
Cisco -> Sg500x-24 firmware 
Cisco -> Sf300-08 firmware 
Cisco -> Sf500-48p firmware 
Cisco -> Sg300-10sfp firmware 
Cisco -> Sg500x-24p firmware 
Cisco -> Sf300-24 firmware 
Cisco -> Sg200-08 firmware 
Cisco -> Sg300-20 firmware 
Cisco -> Sg500x-48 firmware 
Cisco -> Sf300-24mp firmware 
Cisco -> Sg200-08p firmware 
Cisco -> Sg300-28 firmware 
Cisco -> Sg500x-48p firmware 
Cisco -> Sf300-24p firmware 
Cisco -> Sg200-10fp firmware 
Cisco -> Sg300-28mp firmware 
Cisco -> Sg500xg-8f8t firmware 
Cisco -> Sf300-24pp firmware 
Cisco -> Sg200-18 firmware 
Cisco -> Sg300-28p firmware 
Cisco -> Sf300-48 firmware 
Cisco -> Sg200-26 firmware 
Cisco -> Sg300-28pp firmware 
Cisco -> Sf300-48p firmware 
Cisco -> Sg200-26fp firmware 
Cisco -> Sg300-52 firmware 
Cisco -> Sf300-48pp firmware 
Cisco -> Sg200-26p firmware 
Cisco -> Sg300-52mp firmware 
Cisco -> Sf302-08 firmware 
Cisco -> Sg200-50 firmware 
Cisco -> Sg300-52p firmware 
Cisco -> Sf302-08mp firmware 
Cisco -> Sg200-50fp firmware 
Cisco -> Sg500-28 firmware 
Cisco -> Sf302-08mpp firmware 
Cisco -> Sg200-50p firmware 
Cisco -> Sg500-28mpp firmware 

 References:
http://www.securityfocus.com/bid/109288
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect

Copyright 2020, cxsecurity.com

 
