CVE-2019-1954 — Open Redirect in Cisco Webex Meetings Server

CWE-601 — Open Redirect CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server Cisco Webex Meetings Server

Timeline

PublishedAug 8

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful explo…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/webex_meetings_server< 4.0\(1\)

▶CVEListV5cisco/cisco_webex_meetings_serverunspecified — 4.0(1)

🔴Vulnerability Details

GHSA

GHSA-84vc-29p9-wc85: A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redir↗2022-05-24

▶

CVEList

Cisco Webex Meetings Server Open Redirection Vulnerability↗2019-08-08

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Server Open Redirection Vulnerability↗2019-08-07

▶