Vulnerabilities > CVE-2019-1943 - Open Redirect vulnerability in Cisco products

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

cisco

CWE-601

exploit available

NVD

Published: 2019-07-17

Updated: 2019-10-09

Summary

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Sg200 50 Firmware - Cisco Sg200 50P Firmware - Cisco Sg200 50Fp Firmware - Cisco Sg200 26 Firmware - Cisco Sg200 26P Firmware - Cisco Sg200 26Fp Firmware - Cisco Sg200 18 Firmware - Cisco Sg200 10Fp Firmware - Cisco Sg200 08 Firmware - Cisco Sg200 08P Firmware - Cisco Sf200 24 Firmware - Cisco Sf200 24P Firmware - Cisco Sf200 24Fp Firmware - Cisco Sf200 48 Firmware - Cisco Sf200 48P Firmware - Cisco Sf302 08Pp Firmware 1.3.7.18 Cisco Sf302 08Mpp Firmware 1.3.7.18 Cisco Sg300 10Pp Firmware 1.3.7.18 Cisco Sg300 10Mpp Firmware 1.3.7.18 Cisco Sf300 24Pp Firmware 1.3.7.18 Cisco Sf300 48Pp Firmware 1.3.7.18 Cisco Sg300 28Pp Firmware 1.3.7.18 Cisco Sf300 08 Firmware 1.3.7.18 Cisco Sf300 48P Firmware 1.3.7.18 Cisco Sg300 10Mp Firmware 1.3.7.18 Cisco Sg300 10P Firmware 1.3.7.18 Cisco Sg300 10 Firmware 1.3.7.18 Cisco Sg300 28P Firmware 1.3.7.18 Cisco Sf300 24P Firmware 1.3.7.18 Cisco Sf302 08Mp Firmware 1.3.7.18 Cisco Sg300 28 Firmware 1.3.7.18 Cisco Sf300 48 Firmware 1.3.7.18 Cisco Sg300 20 Firmware 1.3.7.18 Cisco Sf302 08P Firmware 1.3.7.18 Cisco Sg300 52 Firmware 1.3.7.18 Cisco Sf300 24 Firmware 1.3.7.18 Cisco Sf302 08 Firmware 1.3.7.18 Cisco Sf300 24Mp Firmware 1.3.7.18 Cisco Sg300 10Sfp Firmware 1.3.7.18 Cisco Sg300 28Mp Firmware 1.3.7.18 Cisco Sg300 52P Firmware 1.3.7.18 Cisco Sg300 52Mp Firmware 1.3.7.18 Cisco Sg500 28Mpp Firmware - Cisco Sg500 52Mp Firmware - Cisco Sg500Xg 8F8T Firmware - Cisco Sf500 24 Firmware - Cisco Sf500 24P Firmware - Cisco Sf500 48 Firmware - Cisco Sf500 48P Firmware - Cisco Sg500 28 Firmware - Cisco Sg500 28P Firmware - Cisco Sg500 52 Firmware - Cisco Sg500 52P Firmware - Cisco Sg500X 24 Firmware - Cisco Sg500X 24P Firmware - Cisco Sg500X 48 Firmware - Cisco Sg500X 48P Firmware -	57
Hardware	Cisco Cisco Sg200 50 - Cisco Sg200 50P - Cisco Sg200 50Fp - Cisco Sg200 26 - Cisco Sg200 26P - Cisco Sg200 26Fp - Cisco Sg200 18 - Cisco Sg200 10Fp - Cisco Sg200 08 - Cisco Sg200 08P - Cisco Sf200 24 - Cisco Sf200 24P - Cisco Sf200 24Fp - Cisco Sf200 48 - Cisco Sf200 48P - Cisco Sf302 08Pp - Cisco Sf302 08Mpp - Cisco Sg300 10Pp - Cisco Sg300 10Mpp - Cisco Sf300 24Pp - Cisco Sf300 48Pp - Cisco Sg300 28Pp - Cisco Sf300 08 - Cisco Sf300 48P - Cisco Sg300 10Mp - Cisco Sg300 10P - Cisco Sg300 10 - Cisco Sg300 28P - Cisco Sf300 24P - Cisco Sf302 08Mp - Cisco Sg300 28 - Cisco Sf300 48 - Cisco Sg300 20 - Cisco Sf302 08P - Cisco Sg300 52 - Cisco Sf300 24 - Cisco Sf302 08 - Cisco Sf300 24Mp - Cisco Sg300 10Sfp - Cisco Sg300 28Mp - Cisco Sg300 52P - Cisco Sg300 52Mp - Cisco Sg500 28Mpp - Cisco Sg500 52Mp - Cisco Sg500Xg 8F8T - Cisco Sf500 24 - Cisco Sf500 24P - Cisco Sf500 48 - Cisco Sf500 48P - Cisco Sg500 28 - Cisco Sg500 28P - Cisco Sg500 52 - Cisco Sg500 52P - Cisco Sg500X 24 - Cisco Sg500X 24P - Cisco Sg500X 48 - Cisco Sg500X 48P -	57

Common Weakness Enumeration (CWE)

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Common Attack Pattern Enumeration and Classification (CAPEC)

Fake the Source of Data
An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Exploit-Db

id	EDB-ID:47118
last seen	2019-07-15
modified	2019-07-15
published	2019-07-15
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47118
title	CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/153629/ciscosmswitches-disclose.txt
id	PACKETSTORM:153629
last seen	2019-07-15
published	2019-07-15
reporter	Ramikan
source	https://packetstormsecurity.com/files/153629/Cisco-Small-Business-Switch-Information-Leakage-Open-Redirect.html
title	Cisco Small Business Switch Information Leakage / Open Redirect