Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
ID: CVE-2019-1943
Severity: medium
Author: bhutch
Tags: cve,cve2019,redirect,cisco
Description
Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
id: CVE-2019-1943

info:
  name: Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
  author: bhutch
  severity: medium
  description: |
    Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
  remediation: |
    Apply the necessary patches or updates provided by Cisco to fix the open redirect vulnerability.
  reference:
    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
    - https://www.exploit-db.com/exploits/47118
    - https://nvd.nist.gov/vuln/detail/CVE-2019-1943
    - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-1943
    cwe-id: CWE-601
    epss-score: 0.05334
    epss-percentile: 0.93073
    cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: cisco
    product: sg200-50_firmware
    shodan-query: "/config/log_off_page.htm"
    censys-query: "services.http.response.headers.location: /config/log_off_page.htm"
  tags: cve,cve2019,redirect,cisco

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: interact.sh

    matchers-condition: and
    matchers:
      - type: word
        part: server
        words:
          - 'GoAhead-Webs'

      - type: regex
        part: header
        regex:
          - '(?i)Location:\shttps?:\/\/interact\.sh/cs[\w]+/'

      - type: status
        status:
          - 302
# digest: 490a0046304402201365dae20dd638bef35556e79a025ddf54696118a148a97d80890bbfa0acc4fa0220205f380a0335059febf07580f818f6257d632a8b2b035c86762e90d5102b4917:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-1943.yaml"
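The template's three matchers, combined with `matchers-condition: and`, can be evaluated offline to see which responses it flags. This is an added example, not part of the template or the Nuclei project; the function names and the three sample responses are constructed for illustration.

```python
import re

# Regex copied verbatim from the template's "regex" matcher.
LOCATION_RE = re.compile(r'(?i)Location:\shttps?:\/\/interact\.sh/cs[\w]+/')

def parse_response(raw):
    """Return (status code, header block text, lower-cased header dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, head, headers

def matches_template(raw):
    """True only if all three matchers hold (matchers-condition: and)."""
    status, header_block, headers = parse_response(raw)
    checks = (
        "GoAhead-Webs" in headers.get("server", ""),   # word matcher, part: server
        LOCATION_RE.search(header_block) is not None,  # regex matcher, part: header
        status == 302,                                 # status matcher
    )
    return all(checks)

# Constructed sample: redirect target is built from the request's Host header.
REFLECTS_HOST = ("HTTP/1.1 302 Redirect\r\nServer: GoAhead-Webs\r\n"
                 "Location: http://interact.sh/cs1a2b3c4d/config/log_off_page.htm\r\n\r\n")
# Constructed sample: same device type, redirect stays on its own address.
IGNORES_HOST = ("HTTP/1.1 302 Redirect\r\nServer: GoAhead-Webs\r\n"
                "Location: http://192.0.2.10/cs1a2b3c4d/config/log_off_page.htm\r\n\r\n")
# Constructed sample: unrelated server that happens to redirect the same way.
OTHER_SERVER = ("HTTP/1.1 302 Found\r\nServer: nginx\r\n"
                "Location: http://interact.sh/cs1a2b3c4d/\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("reflects Host", REFLECTS_HOST),
                      ("ignores Host", IGNORES_HOST),
                      ("other server", OTHER_SERVER)]:
        print(f"{name}: {'match' if matches_template(raw) else 'no match'}")
```

Only the first response satisfies all three matchers; the second fails the `Location` regex and the third fails the `Server` word match.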