Cisco Webex Business Suite Host Header Value Integrity Vulnerability
CVE-2019-1866

3.1LOW

Key Information:

Vendor: Cisco
Status: Cisco Webex Business Suite
Vendor: CVE Published:; 13 April 2020

Badges

👾 Exploit Exists

Summary

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.

Affected Version(s)

Cisco Webex Business Suite < 39.1.0

References

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Apr 13, 2020
Vulnerability Reserved
Dec 6, 2018

Credit

Cisco would like to thank Prasenjit Kanti Paul for reporting this vulnerability.