CVE-2019-1866 vulnerability in Cisco Products
Published on April 13, 2020
Cisco Webex Business Suite Host Header Value Integrity Vulnerability
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.
Vulnerability Analysis
CVE-2019-1866 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2019-1866 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2019-1866
stack.watch emails you whenever new vulnerabilities are published in Cisco Webex Business Suite 39 or Cisco Webex Business Suite. Just hit a watch button to start following.
Affected Versions
Cisco Webex Business Suite:- Version unspecified and below 39.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.