{"containers": {"cna": {"affected": [{"product": "Cisco Small Business 300 Series Managed Switches", "vendor": "Cisco", "versions": [{"status": "affected", "version": "1.3.7.18"}]}], "datePublic": "2019-07-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-19T07:06:03.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"}, {"name": "109288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109288"}], "source": {"advisory": "cisco-sa-20190717-sbss-redirect", "defect": [["CSCvp23218"]], "discovery": "INTERNAL"}, "title": "Cisco Small Business Series Switches Open Redirect Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-07-17T16:00:00-0700", "ID": "CVE-2019-1943", "STATE": "PUBLIC", "TITLE": "Cisco Small Business Series Switches Open Redirect Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Small Business 300 Series Managed Switches", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "1.3.7.18"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.7", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601"}]}]}, "references": {"reference_data": [{"name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"}, {"name": "109288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109288"}]}, "source": {"advisory": "cisco-sa-20190717-sbss-redirect", "defect": [["CSCvp23218"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:51.265Z"}, "title": "CVE Program Container", "references": [{"name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"}, {"name": "109288", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109288"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-21T18:57:41.930515Z", "id": "CVE-2019-1943", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T19:18:29.649Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1943", "datePublished": "2019-07-17T20:30:16.400Z", "dateReserved": "2018-12-06T00:00:00.000Z", "dateUpdated": "2024-11-21T19:18:29.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect", "name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/109288", "name": "109288", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:51.265Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-1943", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T18:57:41.930515Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T18:59:03.763Z"}}], "cna": {"title": "Cisco Small Business Series Switches Open Redirect Vulnerability", "source": {"defect": [["CSCvp23218"]], "advisory": "cisco-sa-20190717-sbss-redirect", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business 300 Series Managed Switches", "versions": [{"status": "affected", "version": "1.3.7.18"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2019-07-17T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect", "name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://www.securityfocus.com/bid/109288", "name": "109288", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-07-19T07:06:03"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.7", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}}, "source": {"defect": [["CSCvp23218"]], "advisory": "cisco-sa-20190717-sbss-redirect", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "=", "version_value": "1.3.7.18", "version_affected": "="}]}, "product_name": "Cisco Small Business 300 Series Managed Switches"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect", "name": "20190717 Cisco Small Business Series Switches Open Redirect Vulnerability", "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/109288", "name": "109288", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1943", "STATE": "PUBLIC", "TITLE": "Cisco Small Business Series Switches Open Redirect Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-07-17T16:00:00-0700"}}}}, "cveMetadata": {"cveId": "CVE-2019-1943", "state": "PUBLISHED", "dateUpdated": "2024-11-21T19:18:29.649Z", "dateReserved": "2018-12-06T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2019-07-17T20:30:16.400115Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE1F4AF2-7330-4535-900E-B4A2A6B76A8F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-50:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0219D69-91AE-4558-BF12-93BB82D74A48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-50p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "03699C15-D612-4CEC-923C-7E69CC6F6C79", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-50p:-:*:*:*:*:*:*:*", "matchCriteriaId": "82842273-F24B-4210-8E07-5F7253018FC0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-50fp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "48A444FC-D2A5-4847-B616-F5E729F10C75", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-50fp:-:*:*:*:*:*:*:*", "matchCriteriaId": "64E81B93-C7DB-4CC7-9FEA-914C853411B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-26_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1196E58A-FF08-4086-8B89-42DF19A3E2B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-26:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F2F454F-9084-4AD8-8F81-45A4AFAF63B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-26p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0419BDEB-DADB-4D0E-A747-6EEFF9D3A26B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-26p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A30A529-9796-4D10-AE55-698930E95CD9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-26fp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9702EE3-E077-4F70-AD90-EFD168BFCCBF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-26fp:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0ACAD62-EA73-494C-8244-541642C3E397", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-18_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE91F6B0-635D-48B3-BBB2-C9A6AC367815", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-18:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCD5CDA0-F982-492B-B631-6B0958F82A7F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-10fp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD5A806E-4E9F-45D2-936F-F9416342FBA9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-10fp:-:*:*:*:*:*:*:*", "matchCriteriaId": "D173967C-5FF3-49DE-863B-26F7DF8B5F01", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-08_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "24AF3A3B-93C1-4DD6-AFEC-60B3E7FFB114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-08:-:*:*:*:*:*:*:*", "matchCriteriaId": "335CA93E-604D-4060-9D24-E4E9D7740A3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg200-08p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABE4DDC3-43B2-4487-90FE-A3529D3A5AA2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg200-08p:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB844823-174D-487B-A211-E650D638A010", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf200-24_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE54B823-D772-49CF-9BA4-D8056C31A915", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf200-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "1866B4D0-0FF2-4C79-A07B-4FAE5586F7E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf200-24p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "471C22F3-B110-46E4-BA52-8FDA4412EA0E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf200-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4A8518B-EE72-4CEA-B2A8-9F17898F4476", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf200-24fp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC963AF6-F648-4A5B-84C6-1D5823222527", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf200-24fp:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D8A349B-73D2-4010-90C2-B153B3245487", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf200-48_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "47341322-B516-4957-8CC0-5F34D8983937", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf200-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F27801-DCF0-4843-90F8-2A1694BB29E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf200-48p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB592B62-F1DE-4BF5-A975-345483C37949", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf200-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B12AEA51-CF3B-44CC-9943-E370A29EFDC9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08pp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "2771C8A5-8074-4739-AD13-6A9613AD5F0A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFFEF3C3-0C7C-4359-A45F-00152ACAB545", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08mpp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "11F2791E-C3DA-4C03-AD22-3D297BE15A7C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", "matchCriteriaId": "19890DBE-F1B9-4454-8738-AC2AC6704C75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10pp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "32191D8C-732B-4A86-A7F5-39F86D489EFC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F1772C3-48DB-4BEF-9F12-CDCC3BBFA0E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10mpp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "FEDDBFBE-A2D8-4153-8728-B460A645A61F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAD7CDE3-7247-4EA9-8A72-7ABC961BD895", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24pp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "32C00DEB-D048-4CD4-9FAC-452975E18A8C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E7B70CB-9D7A-4637-8A51-634157F7AC85", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48pp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD4735-5291-430D-9D37-85C5CEA7BCFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5248F85-411D-4ED9-983C-A28A90C8FC70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28pp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "6459BD48-9D03-4869-9709-03E453BD0E7E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD6F6741-AA56-47EA-998C-78FD7F6B01CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-08_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "F36533AD-E2CC-4D44-B9AE-05597415E5C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C96B794-16D3-46FE-8A2B-262BD38994E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "F55C1D18-343A-4961-8377-25509F709480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5307DEF-DCD1-417A-B649-FF4DCE66193E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10mp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "825A2B20-0C4F-4B41-84DE-5DD6E625672F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "95F6D7AC-2ACB-4693-AB8E-C700B99C5BF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9DDE3662-EFB4-415C-A276-33692A883B16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9054C3D1-BA1A-4BAC-8834-88673B804E4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA3661-3BF3-46AC-B2A5-75F9154F7342", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "78B44981-5C59-4328-A7DB-FBF50F9C92C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "7963297B-A97D-4704-9E5C-51311AC99AFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2D5109D-C78B-4362-B000-0AA073FCC843", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "54AF17F5-1579-441A-81CA-1A32106871B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "71D909B9-5B11-401E-8484-D6CD39D64142", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08mp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "C9C9E514-5EF0-49FB-8D29-162231770292", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "8124725E-8340-43BC-BEBB-BC39E3AE7368", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "A59ACB01-F0DC-4EBA-A078-B7BE6390162F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", "matchCriteriaId": "E74DB8D8-B79B-4DAE-BF88-98C1F518E76D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8C7A2-1E90-4CFB-8780-A98B786562E2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "765DECDB-4234-4444-B78F-01C1DCBAD8FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-20_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "F7637BBD-6D6C-4EB4-8F90-0A8DB62890A4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", "matchCriteriaId": "50A677CE-4360-4780-ABF9-466C45CB19E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "CAFAF764-7275-4E51-A2DD-E0BFEEEF51BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9C97D56-2E3C-4F36-89E2-BC169AED3CC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "C0F3D9E1-3663-47A7-9F32-2636084D2A7F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E26EE1D-763F-4893-9997-F4C1CE7A1089", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "1B924994-14BD-43F7-A958-B9B6C581A331", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "C324F7E3-2088-452F-B049-519A9D25C9B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "C9ADCCA3-A32F-425A-9E1E-10703BA38D74", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", "matchCriteriaId": "04042998-72B6-4215-9264-CC563E51D9CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24mp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "220CCE1B-C6A4-4F67-9A1B-2DA6CA7C2CA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "4882366A-9450-47BE-BE70-CC3A9D2F5275", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10sfp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "35D0E391-B0AD-4577-A1BD-B31179B41C6E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B402FBC0-91FC-471D-9D8A-C71F4FECF338", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28mp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "79624321-A683-4714-9F13-9FCAE4B4B604", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DB2B761-E591-42B6-B62F-63A6D41F4FAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52p_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "282C7CA0-A341-4C64-A8C6-C390A70093E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E9DF9C4-9D06-4449-8AF0-8322C6B77F6A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52mp_firmware:1.3.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "227DB561-5C81-4CA2-93A3-9F36E91A6C69", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4C3B5A2-CAE6-4E75-A1A3-4FCB1C62A7A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-28mpp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E1FAC9E-45D1-4CB9-9BB2-389427199D52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA6035EA-0F55-4C76-9E2F-DD4938576D1A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-52mp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "91A93E7F-A05D-4617-9BB9-6962CDB08AE3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-52mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "36E534B2-12EA-489B-A939-4F1965B5EC66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500xg-8f8t_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F73C16B-814C-447E-84C2-893B9ED90693", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500xg-8f8t:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8FE0E3E-5AB4-4BBA-A787-072799BF3EAB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf500-24_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6E4A156-2BF5-4F65-916C-E94AD6F899A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C0F8958-8059-411B-86C8-40B1073C80C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf500-24p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ACD1A2A-9CCE-4A92-AC7B-9921172F1BC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "218D6018-551C-46B8-AE27-F88E6052F37B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf500-48_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6A1075B-47F6-4361-9FAC-4FCE932ED61D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAB8DE78-E398-458B-98EF-EEEB6E219BAB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf500-48p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D4EE51C-F69E-412E-BE53-00B377564D01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E443C685-F000-4F89-ADEA-7084138018D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-28_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "48E2C7ED-765A-442D-8FC6-5D769AD05251", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*", "matchCriteriaId": "0779C5EE-C145-4C28-8F60-EE692409102D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-28p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1431252-1FAE-4492-A7C4-69D47BBEB228", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-28p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF4D4AD6-C5FD-40D8-B002-2B784EC88B89", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-52_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "67BE410C-FF81-4D5D-8C81-15A4C0E02E4C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-52:-:*:*:*:*:*:*:*", "matchCriteriaId": "40273E59-7C60-4094-B9FC-A633A2F23E61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500-52p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "41E2FD03-6870-466F-9389-6D044BAC5DA7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500-52p:-:*:*:*:*:*:*:*", "matchCriteriaId": "14A201E5-0603-4C96-8F4B-87934B7B99D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500x-24_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA293370-953C-42ED-BF25-4C439A8D986A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500x-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1A9D4D4-EF09-4862-B62A-94913AEFA2BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500x-24p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3F89D89-F7E9-4BC2-9A5F-3689930DAEF6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500x-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0093FE2A-3D4C-4435-AE35-D213C9700771", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500x-48_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9B7BB55-2872-411F-8E0B-EED8746FA013", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500x-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "B84D71EE-64CC-4966-98D1-C0697816120A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg500x-48p_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E70A5C52-9C3B-4FA8-9208-FF19200BD3F5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg500x-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E99C3C2-0B98-4108-8102-80132BF47A32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web del software Cisco Small Business 200, 300 y 500 Series Switches podr\u00eda permitir que un atacante remoto no autenticado redirija a un usuario a una p\u00e1gina web maliciosa. La vulnerabilidad se debe a una validaci\u00f3n incorrecta de entradas de los par\u00e1metros en una petici\u00f3n HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad al interceptar la solicitud HTTP de un usuario y modificarla en una solicitud que haga que la interfaz web redirija al usuario a una URL maliciosa espec\u00edfica. Este tipo de vulnerabilidad se conoce como ataque de redirecci\u00f3n abierta y se usa en ataques de suplantaci\u00f3n de identidad que hacen que los usuarios visiten sin saberlo sitios maliciosos."}], "id": "CVE-2019-1943", "lastModified": "2024-11-21T04:37:44.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T21:15:12.453", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109288"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}