6.1
CVE-2019-1943
- EPSS 22.95%
- Published 17.07.2019 21:15:12
- Last modified 21.11.2024 04:37:44
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Sg200-50 Firmware Version-
Cisco ≫ Sg200-50p Firmware Version-
Cisco ≫ Sg200-50fp Firmware Version-
Cisco ≫ Sg200-26 Firmware Version-
Cisco ≫ Sg200-26p Firmware Version-
Cisco ≫ Sg200-26fp Firmware Version-
Cisco ≫ Sg200-18 Firmware Version-
Cisco ≫ Sg200-10fp Firmware Version-
Cisco ≫ Sg200-08 Firmware Version-
Cisco ≫ Sg200-08p Firmware Version-
Cisco ≫ Sf200-24 Firmware Version-
Cisco ≫ Sf200-24p Firmware Version-
Cisco ≫ Sf200-24fp Firmware Version-
Cisco ≫ Sf200-48 Firmware Version-
Cisco ≫ Sf200-48p Firmware Version-
Cisco ≫ Sf302-08pp Firmware Version1.3.7.18
Cisco ≫ Sf302-08mpp Firmware Version1.3.7.18
Cisco ≫ Sg300-10pp Firmware Version1.3.7.18
Cisco ≫ Sg300-10mpp Firmware Version1.3.7.18
Cisco ≫ Sf300-24pp Firmware Version1.3.7.18
Cisco ≫ Sf300-48pp Firmware Version1.3.7.18
Cisco ≫ Sg300-28pp Firmware Version1.3.7.18
Cisco ≫ Sf300-08 Firmware Version1.3.7.18
Cisco ≫ Sf300-48p Firmware Version1.3.7.18
Cisco ≫ Sg300-10mp Firmware Version1.3.7.18
Cisco ≫ Sg300-10p Firmware Version1.3.7.18
Cisco ≫ Sg300-10 Firmware Version1.3.7.18
Cisco ≫ Sg300-28p Firmware Version1.3.7.18
Cisco ≫ Sf300-24p Firmware Version1.3.7.18
Cisco ≫ Sf302-08mp Firmware Version1.3.7.18
Cisco ≫ Sg300-28 Firmware Version1.3.7.18
Cisco ≫ Sf300-48 Firmware Version1.3.7.18
Cisco ≫ Sg300-20 Firmware Version1.3.7.18
Cisco ≫ Sf302-08p Firmware Version1.3.7.18
Cisco ≫ Sg300-52 Firmware Version1.3.7.18
Cisco ≫ Sf300-24 Firmware Version1.3.7.18
Cisco ≫ Sf302-08 Firmware Version1.3.7.18
Cisco ≫ Sf300-24mp Firmware Version1.3.7.18
Cisco ≫ Sg300-10sfp Firmware Version1.3.7.18
Cisco ≫ Sg300-28mp Firmware Version1.3.7.18
Cisco ≫ Sg300-52p Firmware Version1.3.7.18
Cisco ≫ Sg300-52mp Firmware Version1.3.7.18
Cisco ≫ Sg500-28mpp Firmware Version-
Cisco ≫ Sg500-52mp Firmware Version-
Cisco ≫ Sg500xg-8f8t Firmware Version-
Cisco ≫ Sf500-24 Firmware Version-
Cisco ≫ Sf500-24p Firmware Version-
Cisco ≫ Sf500-48 Firmware Version-
Cisco ≫ Sf500-48p Firmware Version-
Cisco ≫ Sg500-28 Firmware Version-
Cisco ≫ Sg500-28p Firmware Version-
Cisco ≫ Sg500-52 Firmware Version-
Cisco ≫ Sg500-52p Firmware Version-
Cisco ≫ Sg500x-24 Firmware Version-
Cisco ≫ Sg500x-24p Firmware Version-
Cisco ≫ Sg500x-48 Firmware Version-
Cisco ≫ Sg500x-48p Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 22.95% | 0.955 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| psirt@cisco.com | 4.7 | 1.6 | 2.7 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.