CVE-2019-1943 - 漏洞详情

CVE-2019-1943 (CNNVD-201907-779)

MEDIUM 有利用代码

中文标题:

Cisco Small Business 200、300和500 Switches 输入验证错误漏洞

英文标题:

Cisco Small Business Series Switches Open Redirect Vulnerability

CVSS分数: 4.7

发布时间: 2019-07-17 20:30:16

漏洞类型: 输入验证错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v4

漏洞描述

中文描述:

Cisco Small Business 200 Series Managed Switches等都是美国思科（Cisco）公司的产品。Cisco Small Business 200 Series Managed Switches是一款200系列管理型交换机。Cisco Small Business 300 Series Managed Switches是一款300系列管理型交换机。Cisco Small Business 500 Series Managed Switches是一款500系列管理型交换机。 Cisco Small Business 200、300和500 Switches中存在输入验证错误漏洞。攻击者可利用该漏洞获取版本号及设备类型，或实施钓鱼攻击及域前置攻击。

英文描述:

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

CWE类型:

CWE-601

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Cisco	Cisco Small Business 300 Series Managed Switches	1.3.7.18	-	-	`cpe:2.3:a:cisco:cisco_small_business_300_series_managed_switches:1.3.7.18:::::::*`
cisco	sg200-50_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-50_firmware:-:::::::*`
cisco	sg200-50p_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-50p_firmware:-:::::::*`
cisco	sg200-50fp_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-50fp_firmware:-:::::::*`
cisco	sg200-26_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-26_firmware:-:::::::*`
cisco	sg200-26p_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-26p_firmware:-:::::::*`
cisco	sg200-26fp_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-26fp_firmware:-:::::::*`
cisco	sg200-18_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-18_firmware:-:::::::*`
cisco	sg200-10fp_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-10fp_firmware:-:::::::*`
cisco	sg200-08_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-08_firmware:-:::::::*`
cisco	sg200-08p_firmware	-	-	-	`cpe:2.3:o:cisco:sg200-08p_firmware:-:::::::*`
cisco	sf200-24_firmware	-	-	-	`cpe:2.3:o:cisco:sf200-24_firmware:-:::::::*`
cisco	sf200-24p_firmware	-	-	-	`cpe:2.3:o:cisco:sf200-24p_firmware:-:::::::*`
cisco	sf200-24fp_firmware	-	-	-	`cpe:2.3:o:cisco:sf200-24fp_firmware:-:::::::*`
cisco	sf200-48_firmware	-	-	-	`cpe:2.3:o:cisco:sf200-48_firmware:-:::::::*`
cisco	sf200-48p_firmware	-	-	-	`cpe:2.3:o:cisco:sf200-48p_firmware:-:::::::*`
cisco	sf302-08pp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf302-08pp_firmware:1.3.7.18:::::::*`
cisco	sf302-08mpp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf302-08mpp_firmware:1.3.7.18:::::::*`
cisco	sg300-10pp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10pp_firmware:1.3.7.18:::::::*`
cisco	sg300-10mpp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10mpp_firmware:1.3.7.18:::::::*`
cisco	sf300-24pp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-24pp_firmware:1.3.7.18:::::::*`
cisco	sf300-48pp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-48pp_firmware:1.3.7.18:::::::*`
cisco	sg300-28pp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-28pp_firmware:1.3.7.18:::::::*`
cisco	sf300-08_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-08_firmware:1.3.7.18:::::::*`
cisco	sf300-48p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-48p_firmware:1.3.7.18:::::::*`
cisco	sg300-10mp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10mp_firmware:1.3.7.18:::::::*`
cisco	sg300-10p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10p_firmware:1.3.7.18:::::::*`
cisco	sg300-10_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10_firmware:1.3.7.18:::::::*`
cisco	sg300-28p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-28p_firmware:1.3.7.18:::::::*`
cisco	sf300-24p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-24p_firmware:1.3.7.18:::::::*`
cisco	sf302-08mp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf302-08mp_firmware:1.3.7.18:::::::*`
cisco	sg300-28_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-28_firmware:1.3.7.18:::::::*`
cisco	sf300-48_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-48_firmware:1.3.7.18:::::::*`
cisco	sg300-20_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-20_firmware:1.3.7.18:::::::*`
cisco	sf302-08p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf302-08p_firmware:1.3.7.18:::::::*`
cisco	sg300-52_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-52_firmware:1.3.7.18:::::::*`
cisco	sf300-24_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-24_firmware:1.3.7.18:::::::*`
cisco	sf302-08_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf302-08_firmware:1.3.7.18:::::::*`
cisco	sf300-24mp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sf300-24mp_firmware:1.3.7.18:::::::*`
cisco	sg300-10sfp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-10sfp_firmware:1.3.7.18:::::::*`
cisco	sg300-28mp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-28mp_firmware:1.3.7.18:::::::*`
cisco	sg300-52p_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-52p_firmware:1.3.7.18:::::::*`
cisco	sg300-52mp_firmware	1.3.7.18	-	-	`cpe:2.3:o:cisco:sg300-52mp_firmware:1.3.7.18:::::::*`
cisco	sg500-28mpp_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-28mpp_firmware:-:::::::*`
cisco	sg500-52mp_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-52mp_firmware:-:::::::*`
cisco	sg500xg-8f8t_firmware	-	-	-	`cpe:2.3:o:cisco:sg500xg-8f8t_firmware:-:::::::*`
cisco	sf500-24_firmware	-	-	-	`cpe:2.3:o:cisco:sf500-24_firmware:-:::::::*`
cisco	sf500-24p_firmware	-	-	-	`cpe:2.3:o:cisco:sf500-24p_firmware:-:::::::*`
cisco	sf500-48_firmware	-	-	-	`cpe:2.3:o:cisco:sf500-48_firmware:-:::::::*`
cisco	sf500-48p_firmware	-	-	-	`cpe:2.3:o:cisco:sf500-48p_firmware:-:::::::*`
cisco	sg500-28_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-28_firmware:-:::::::*`
cisco	sg500-28p_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-28p_firmware:-:::::::*`
cisco	sg500-52_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-52_firmware:-:::::::*`
cisco	sg500-52p_firmware	-	-	-	`cpe:2.3:o:cisco:sg500-52p_firmware:-:::::::*`
cisco	sg500x-24_firmware	-	-	-	`cpe:2.3:o:cisco:sg500x-24_firmware:-:::::::*`
cisco	sg500x-24p_firmware	-	-	-	`cpe:2.3:o:cisco:sg500x-24p_firmware:-:::::::*`
cisco	sg500x-48_firmware	-	-	-	`cpe:2.3:o:cisco:sg500x-48_firmware:-:::::::*`
cisco	sg500x-48p_firmware	-	-	-	`cpe:2.3:o:cisco:sg500x-48p_firmware:-:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

20190717 Cisco Small Business Series Switches Open Redirect Vulnerability vendor-advisory
cve.org

访问

109288 vdb-entry
cve.org

访问

ExploitDB EDB-47118 EXPLOIT
exploitdb

访问

Download Exploit EDB-47118 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2019-1943 ADVISORY
cve.org

访问

CVSS评分详情

3.0 (cna)

MEDIUM

4.7

CVSS向量: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

机密性

LOW

完整性

LOW

可用性

NONE

时间信息

发布时间:

2019-07-17 20:30:16

修改时间:

2024-11-21 19:18:29

创建时间:

2025-11-11 15:35:41

更新时间:

2025-11-11 16:51:47

利用信息

此漏洞有可利用代码！

利用代码数量: 1

利用来源:

未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2019-1943`	2025-11-11 15:20:09	2025-11-11 07:35:41
NVD	`nvd_CVE-2019-1943`	2025-11-11 14:56:24	2025-11-11 07:44:11
CNNVD	`cnnvd_CNNVD-201907-779`	2025-11-11 15:10:14	2025-11-11 07:54:43
EXPLOITDB	`exploitdb_EDB-47118`	2025-11-11 15:05:22	2025-11-11 08:51:47

版本与语言

当前版本: v4

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v4 EXPLOITDB

2025-11-11 16:51:47

references_count: 2 → 5; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 2 -> 5
tags_count: 0 -> 3
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:54:43

vulnerability_type: 未提取 → 输入验证错误; cnnvd_id: 未提取 → CNNVD-201907-779; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 输入验证错误
cnnvd_id: 未提取 -> CNNVD-201907-779
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:44:11

affected_products_count: 1 → 58; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 1 -> 58
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2019-1943 (CNNVD-201907-779)

中文标题:

Cisco Small Business 200、300和500 Switches 输入验证错误漏洞

英文标题:

Cisco Small Business Series Switches Open Redirect Vulnerability

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.0 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史