CVE-2019-1943

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Published: Jul 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1943
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
cisco / sf302-08pp_firmware	1.3.7.18	1.3.7.18.x
cisco / sf302-08mpp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10pp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10mpp_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-24pp_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-48pp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-28pp_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-08_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-48p_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10mp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10p_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-28p_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-24p_firmware	1.3.7.18	1.3.7.18.x
cisco / sf302-08mp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-28_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-48_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-20_firmware	1.3.7.18	1.3.7.18.x
cisco / sf302-08p_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-52_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-24_firmware	1.3.7.18	1.3.7.18.x
cisco / sf302-08_firmware	1.3.7.18	1.3.7.18.x
cisco / sf300-24mp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-10sfp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-28mp_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-52p_firmware	1.3.7.18	1.3.7.18.x
cisco / sg300-52mp_firmware	1.3.7.18	1.3.7.18.x

Vulnerability Database

289,599

CVE-2019-1943