CVE-2019-1943

MEDIUM NUCLEI

Cisco Sg200-50 Firmware - Open Redirect

Title source: rule

Description

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Exploits (1)

exploitdb WRITEUP

by Ramikan · textwebappshardware

https://www.exploit-db.com/exploits/47118

View Code ZIP pw:eip

Nuclei Templates (1)

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

MEDIUMVERIFIEDby bhutch

Shodan: /config/log_off_page.htm

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/109288

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect

Scores

CVSS v3 4.7

EPSS 0.1781

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (50)

cisco/sf200-24_firmware

cisco/sf200-24fp_firmware

cisco/sf200-24p_firmware

cisco/sf200-48_firmware

cisco/sf200-48p_firmware

cisco/sf300-08_firmware 1.3.7.18

cisco/sf300-24_firmware 1.3.7.18

cisco/sf300-24mp_firmware 1.3.7.18

cisco/sf300-24p_firmware 1.3.7.18

cisco/sf300-24pp_firmware 1.3.7.18

... and 40 more

Published Jul 17, 2019

Tracked Since Feb 18, 2026