CVE-2019-1866 vulnerability in Cisco Products
Published on April 13, 2020
Cisco Webex Business Suite Host Header Value Integrity Vulnerability
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.
Vulnerability Analysis
CVE-2019-1866 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2019-1866 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2019-1866
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-1866 are published in these products:
Affected Versions
Cisco Webex Business Suite:- Version unspecified and below 39.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.