PT-2019-2793 · Cisco · Cisco Small Business 300 Series Switches

Published: 2019-07-17 · Updated: 2019-10-09 · CVE-2019-1943

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Small Business 200, 300, and 500 Series Switches software (affected versions not specified)

Description

A vulnerability in the web interface could allow an unauthenticated, remote attacker to redirect a user to a malicious web page due to improper input validation of HTTP request parameters. This is known as an open redirect attack, often used in phishing attacks to trick users into visiting malicious sites. An attacker could exploit this by intercepting and modifying a user's HTTP request to cause the web interface to redirect the user to a specific malicious URL.

Recommendations

For Cisco Small Business 200, 300, and 500 Series Switches software, consider restricting access to the web interface until a fix is available. As a temporary workaround, avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2019-02745
CVE-2019-1943

Affected Products

Cisco Small Business 200 Series Switches
Cisco Small Business 300 Series Switches
Cisco Small Business 500 Series Switches