Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1943

CWE-601 — Open Redirect6 documents6 sources

Severity

6.1MEDIUM

EPSS

17.8%

top 4.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Cisco Small Business 300 Series Managed Switches Cisco Sf300-08 Firmware Cisco Sf300-24 Firmware +25 more

Timeline

PublishedJul 17

Latest updateMay 24

Description

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vuln…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages28 packages

▶CVEListV5cisco/cisco_small_business_300_series_managed_switches1.3.7.18

▶NVDcisco/sf300-08_firmware1.3.7.18

▶NVDcisco/sf300-24_firmware1.3.7.18

▶NVDcisco/sf300-48_firmware1.3.7.18

▶NVDcisco/sf302-08_firmware1.3.7.18

🔴Vulnerability Details

GHSA

GHSA-c4p7-9fgh-g95m: A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacke↗2022-05-24

▶

CVEList

Cisco Small Business Series Switches Open Redirect Vulnerability↗2019-07-17

▶

💥Exploits & PoCs

Exploit-DB

CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities↗2019-07-15

▶

Nuclei

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

▶

📋Vendor Advisories

Cisco

Cisco Small Business Series Switches Open Redirect Vulnerability↗2019-07-17

▶