Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Webex Business Suite Host Header Value Integrity Vulnerability
Vulnerability Description
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cisco Webex Business Suite 数据伪造问题漏洞
Vulnerability Description
Cisco Webex Business Suite是美国思科(Cisco)公司的一套视频会议解决方案。 Cisco Webex Business Suite 39.1.0之前版本中存在数据伪造问题漏洞,该漏洞源于程序没有正确验证消息报头中的‘host’字段。攻击者可利用该漏洞将用户从Cisco Webex Meetings Online站点重定向到攻击者选择的任意站点。
CVSS Information
N/A
Vulnerability Type
N/A