Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-04-13T16:55:12.071433Z
Updated: 2024-09-16T19:15:54.890Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1866
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-13T17:15:10.937
Modified: 2020-04-13T18:35:37.753
Link: CVE-2019-1866
Redhat
No data.