Vulnerability Description
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Business Suite 39 | < 39.1.0 |
Related Weaknesses (CWE)
References
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm98833Vendor Advisory
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm98833Vendor Advisory
FAQ
What is CVE-2019-1866?
CVE-2019-1866 is a vulnerability with a CVSS score of 3.1 (LOW). Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper ...
How severe is CVE-2019-1866?
CVE-2019-1866 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1866?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Business Suite 39.