PT-2019-3135 · Cisco · Cisco Webex Meetings Server

Published

2019-08-07

Updated

2021-10-29

CVE-2019-1954

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings Server Software (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The issue is due to improper input validation of the URL parameters in an HTTP request sent to an affected device. An attacker could exploit this by crafting an HTTP request to cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-20

Related Identifiers

BDU:2019-03120

CVE-2019-1954

Affected Products

Cisco Webex Meetings Server

PT-2019-3135 · Cisco · Cisco Webex Meetings Server

CVE-2019-1954

Weakness Enumeration

Related Identifiers

Affected Products

References · 5