CVE-2019-1866Improper Access Control in Cisco Webex Business Suite

CWE-284Improper Access ControlCWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
3.7LOWNVD
CNA3.1
EPSS
0.1%
top 68.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Business SuiteCisco Webex Business Suite 39
Timeline
PublishedApr 13
Latest updateMay 24

Description

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the applicatio

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_webex_business_suiteunspecified39.1.0

🔴Vulnerability Details

2
GHSA
GHSA-6gq6-x7pv-3ggr: Cisco Webex Business Suite before 392022-05-24
CVEList
Cisco Webex Business Suite Host Header Value Integrity Vulnerability2020-04-13
CVE-2019-1866 — Improper Access Control in Cisco | cvebase