#VU19287 Open redirect in Cisco Systems, Inc products - CVE-2019-1943
Published: July 22, 2019 / Updated: June 17, 2021
Vulnerability identifier: #VU19287
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-1943
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Cisco Small Business 500 Series Stackable Managed Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 200 Series Smart Switches
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to redirect a user to a malicious web page.
The vulnerability exists due to improper input validation of HTTP request parameters. A remote attacker can intercept a user's HTTP request and modify it into a request that causes the web interface to redirect the user to a specific malicious URL.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.