cvelist/2019/1xxx/CVE-2019-1943.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-07-17T16:00:00-0700",
        "ID": "CVE-2019-1943",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Small Business Series Switches Open Redirect Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Small Business 300 Series Managed Switches ",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "=",
                                            "version_value": "1.3.7.18"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-601"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"
            },
            {
                "refsource": "BID",
                "name": "109288",
                "url": "http://www.securityfocus.com/bid/109288"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-20190717-sbss-redirect",
        "defect": [
            [
                "CSCvp23218"
            ]
        ],
        "discovery": "INTERNAL"
    }
}
- Synchronized data. 2018-12-06 16:03:34 -05:00			`{`
"-Synchronized-Data." 2019-03-18 02:10:19 +00:00			`"CVE_data_meta": {`
Adding Cisco CVE-2019-1943 2019-07-17 20:26:30 +00:00			`"ASSIGNER": "psirt@cisco.com",`
			`"DATE_PUBLIC": "2019-07-17T16:00:00-0700",`
"-Synchronized-Data." 2019-03-18 02:10:19 +00:00			`"ID": "CVE-2019-1943",`
Adding Cisco CVE-2019-1943 2019-07-17 20:26:30 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Cisco Small Business Series Switches Open Redirect Vulnerability"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Cisco Small Business 300 Series Managed Switches ",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "=",`
			`"version_value": "1.3.7.18"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Cisco"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2019-03-18 02:10:19 +00:00			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2019-07-17 21:00:53 +00:00			"value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."
Adding Cisco CVE-2019-1943 2019-07-17 20:26:30 +00:00			`}`
			`]`
			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "`
			`}`
			`],`
			`"impact": {`
			`"cvss": {`
			`"baseScore": "4.7",`
			`"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N ",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-601"`
			`}`
			`]`
"-Synchronized-Data." 2019-03-18 02:10:19 +00:00			`}`
			`]`
Adding Cisco CVE-2019-1943 2019-07-17 20:26:30 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability",`
			`"refsource": "CISCO",`
			`"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"`
"-Synchronized-Data." 2019-07-19 08:00:48 +00:00			`},`
			`{`
			`"refsource": "BID",`
			`"name": "109288",`
			`"url": "http://www.securityfocus.com/bid/109288"`
Adding Cisco CVE-2019-1943 2019-07-17 20:26:30 +00:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "cisco-sa-20190717-sbss-redirect",`
			`"defect": [`
			`[`
			`"CSCvp23218"`
			`]`
			`],`
			`"discovery": "INTERNAL"`
"-Synchronized-Data." 2019-03-18 02:10:19 +00:00			`}`
"-Synchronized-Data." 2019-07-17 21:00:53 +00:00			`}`