VDB

CVE-2019-1943

CVE-2019-1943 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

EPSS 13.93% · 94.5th percentile

Risk Scores

CVSS 3.0
4.699999809265137
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
13.93%
94.5th percentile

Affected Products

VendorProductVersions
ciscosg200-18_firmware
ciscosf300-24mp_firmware1.3.7.18
ciscosf200-24p_firmware
ciscosg300-28pp_firmware1.3.7.18
ciscosf200-24fp_firmware
ciscosf302-08mpp_firmware1.3.7.18
ciscosf300-24pp_firmware1.3.7.18
ciscosg300-28mp_firmware1.3.7.18
ciscosg300-20_firmware1.3.7.18
ciscosf300-48p_firmware1.3.7.18
ciscosg500-28_firmware
ciscosf200-48_firmware
ciscosf300-08_firmware1.3.7.18
ciscosf500-24_firmware
ciscosg500-28p_firmware
ciscosg300-52_firmware1.3.7.18
ciscosg300-10_firmware1.3.7.18
ciscosf300-24_firmware1.3.7.18
ciscosg500x-48p_firmware
ciscosf302-08mp_firmware1.3.7.18

…and 38 more

Exploit Intelligence

…and 1 more exploits

Timeline

  • Jul 15, 2019 CVE Published
  • Jul 15, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Jun 6, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›