PT-2019-5352 · Cisco · Cisco Webex Business Suite+1
Published: 2019-05-08 · Updated: 2020-04-13 · CVE-2019-1866
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Webex Business Suite versions prior to 39.1.0
Description
The issue is due to improper validation of host header values, allowing an unauthenticated, remote attacker to affect the integrity of the application. An attacker with a privileged network position could exploit this to manipulate header values, causing the application to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site. This could be achieved through a man-in-the-middle attack or by intercepting wireless network traffic.
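The flaw class described above, as an added example (not Cisco's code and not part of the original advisory): a redirect built directly from the request's Host header, next to a version that validates the header against an allowlist. The hostnames, `ALLOWED_HOSTS` and all function names are assumptions made for illustration.

```python
# Added example: hostnames and names below are constructed, not Cisco's.
from urllib.parse import quote

# Hypothetical allowlist of hostnames the site is legitimately served under.
ALLOWED_HOSTS = {"meetings.example.com", "www.meetings.example.com"}
CANONICAL_HOST = "meetings.example.com"


def normalize_host(raw):
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    # Reject empty values and characters that never belong in a Host header.
    if not raw or any(c in raw for c in " \t\r\n/\\@?#,"):
        return None
    host = raw.lower()
    if host.startswith("["):  # IPv6 literal: never on the allowlist
        return None
    name, sep, port = host.partition(":")
    if sep and not (port.isdigit() and 0 < int(port) < 65536):
        return None
    return name.rstrip(".") or None  # drop the trailing dot of an absolute name


def redirect_unsafe(headers, path):
    """Flawed pattern: Location trusts whatever Host value the request carried."""
    return "https://" + headers.get("Host", "") + path


def redirect_safe(headers, path):
    """Use the request host only if allowlisted, else fall back to the canonical host."""
    host = normalize_host(headers.get("Host"))
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    # Keep the target local: force one leading slash, percent-encode the rest.
    return "https://" + host + "/" + quote(path.lstrip("/\\"), safe="/")
```
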
Recommendations
For versions prior to 39.1.0, update to version 39.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation. Additionally, users should be cautious when clicking on links from the Cisco Webex Meetings Online site to avoid potential redirects to malicious sites.
Fix
Improper Access Control
Insufficient Verification of Data Authenticity
Related identifiers
Affected products
Cisco Webex Business Suite
Cisco Webex Meetings Online