Lucene search

CiscoCVE-2019-12636

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-12636

2019-10-1619:15:10

CWE-352

cisco

web.nvd.nist.gov

cve

2019

12636

cisco

small business

smart

managed

switches

csrf

vulnerability

web-based management interface

remote attack

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Affected configurations

Nvd

Node

ciscosf250-24Match-

AND

ciscosf250-24_firmwareRange<2.5.0.90

Node

ciscosf250-24pMatch-

AND

ciscosf250-24p_firmwareRange<2.5.0.90

Node

ciscosf250-48Match-

AND

ciscosf250-48_firmwareRange<2.5.0.90

Node

ciscosf250-48hpMatch-

AND

ciscosf250-48hp_firmwareRange<2.5.0.90

Node

ciscosf250-08Match-

AND

ciscosf250-08_firmwareRange<2.5.0.90

Node

ciscosf250-08hpMatch-

AND

ciscosf250-08hp_firmwareRange<2.5.0.90

Node

ciscosf250-10pMatch-

AND

ciscosf250-10p_firmwareRange<2.5.0.90

Node

ciscosf250-18Match-

AND

ciscosf250-18_firmwareRange<2.5.0.90

Node

ciscosf250-26_firmwareRange<2.5.0.90

AND

ciscosf250-26Match-

Node

ciscosf250-26hp_firmwareRange<2.5.0.90

AND

ciscosf250-26hpMatch-

Node

ciscosf250-26p_firmwareRange<2.5.0.90

AND

ciscosf250-26pMatch-

Node

ciscosf250-50_firmwareRange<2.5.0.90

AND

ciscosf250-50Match-

Node

ciscosf250-50hp_firmwareRange<2.5.0.90

AND

ciscosf250-50hpMatch-

Node

ciscosf250-50p_firmwareRange<2.5.0.90

AND

ciscosf250-50pMatch-

Node

ciscosf250x-24_firmwareRange<2.5.0.90

AND

ciscosf250x-24Match-

Node

ciscosf250x-24p_firmwareRange<2.5.0.90

AND

ciscosf250x-24pMatch-

Node

ciscosf250x-48_firmwareRange<2.5.0.90

AND

ciscosf250x-48Match-

Node

ciscosf250x-48p_firmwareRange<2.5.0.90

AND

ciscosf250x-48pMatch-

Node

ciscosg350-10_firmwareRange<2.5.0.90

AND

ciscosg350-10Match-

Node

ciscosg350-10p_firmwareRange<2.5.0.90

AND

ciscosg350-10pMatch-

Node

ciscosg350-10mp_firmwareRange<2.5.0.90

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10p_firmwareRange<2.5.0.90

AND

ciscosg355-10pMatch-

Node

ciscosg350-28_firmwareRange<2.5.0.90

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange<2.5.0.90

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange<2.5.0.90

AND

ciscosg350-28mpMatch-

Node

ciscosf350-48_firmwareRange<2.5.0.90

AND

ciscosf350-48Match-

Node

ciscosf350-48p_firmwareRange<2.5.0.90

AND

ciscosf350-48pMatch-

Node

ciscosf350-48mp_firmwareRange<2.5.0.90

AND

ciscosf350-48mpMatch-

Node

ciscosx550x-16ft_firmwareRange<2.5.0.90

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange<2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12f_firmwareRange<2.5.0.90

AND

ciscosx550x-12fMatch-

Node

ciscosx550x-24f_firmwareRange<2.5.0.90

AND

ciscosx550x-24fMatch-

Node

ciscosx550x-24_firmwareRange<2.5.0.90

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange<2.5.0.90

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange<2.5.0.90

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange<2.5.0.90

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange<2.5.0.90

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange<2.5.0.90

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange<2.5.0.90

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange<2.5.0.90

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange<2.5.0.90

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange<2.5.0.90

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange<2.5.0.90

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-24mp_firmwareRange<2.5.0.90

AND

ciscosf550x-24mpMatch-

Node

ciscosf550x-48_firmwareRange<2.5.0.90

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange<2.5.0.90

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange<2.5.0.90

AND

ciscosf550x-48mpMatch-

Node

ciscosf200-24_firmwareRange<1.4.11

AND

ciscosf200-24Match-

Node

ciscosf200-24fp_firmwareRange<1.4.11

AND

ciscosf200-24fpMatch-

Node

ciscosf200-24p_firmwareRange<1.4.11.02

AND

ciscosf200-24pMatch-

Node

ciscosf200-48_firmwareRange<1.4.11.02

AND

ciscosf200-48Match-

Node

ciscosf200-48p_firmwareRange<1.4.11.02

AND

ciscosf200-48pMatch-

Node

ciscosf200e-24_firmwareRange<1.4.11.02

AND

ciscosf200e-24Match-

Node

ciscosf200e-24p_firmwareRange<1.4.11.02

AND

ciscosf200e-24pMatch-

Node

ciscosf200e-48_firmwareRange<1.4.11.02

AND

ciscosf200e-48Match-

Node

ciscosf200e48p_firmwareRange<1.4.11.02

AND

ciscosf200e48pMatch-

Node

ciscosg200-08_firmwareRange<1.4.11.02

AND

ciscosg200-08Match-

Node

ciscosg200-08p_firmwareRange<1.4.11.02

AND

ciscosg200-08pMatch-

Node

ciscosg200-10fp_firmwareRange<1.4.11.02

AND

ciscosg200-10fpMatch-

Node

ciscosg200-18_firmwareRange<1.4.11.02

AND

ciscosg200-18Match-

Node

ciscosg200-26_firmwareRange<1.4.11.02

AND

ciscosg200-26Match-

Node

ciscosg200-26fp_firmwareRange<1.4.11.02

AND

ciscosg200-26fpMatch-

Node

ciscosg200-26p_firmwareRange<1.4.11.02

AND

ciscosg200-26pMatch-

Node

ciscosg200-50_firmwareRange<1.4.11.02

AND

ciscosg200-50Match-

Node

ciscosg200-50fp_firmwareRange<1.4.11.02

AND

ciscosg200-50fpMatch-

Node

ciscosg200-50p_firmwareRange<1.4.11.02

AND

ciscosg200-50pMatch-

Node

ciscosf302-08pp_firmwareRange<1.4.11.02

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mpp_firmwareRange<1.4.11.02

AND

ciscosf302-08mppMatch-

Node

ciscosg300-10pp_firmwareRange<1.4.11.02

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mpp_firmwareRange<1.4.11.02

AND

ciscosg300-10mppMatch-

Node

ciscosf300-24pp_firmwareRange<1.4.11.02

AND

ciscosf300-24ppMatch-

Node

ciscosf300-48pp_firmwareRange<1.4.11.02

AND

ciscosf300-48ppMatch-

Node

ciscosg300-28pp_firmwareRange<1.4.11.02

AND

ciscosg300-28ppMatch-

Node

ciscosf300-08_firmwareRange<1.4.11.02

AND

ciscosf300-08Match-

Node

ciscosf300-48p_firmwareRange<1.4.11.02

AND

ciscosf300-48pMatch-

Node

ciscosg300-10mp_firmwareRange<1.4.11.02

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10p_firmwareRange<1.4.11.02

AND

ciscosg300-10pMatch-

Node

ciscosg300-10_firmwareRange<1.4.11.02

AND

ciscosg300-10Match-

Node

ciscosg300-28p_firmwareRange<1.4.11.02

AND

ciscosg300-28pMatch-

Node

ciscosf300-24p_firmwareRange<1.4.11.02

AND

ciscosf300-24pMatch-

Node

ciscosf302-08mp_firmwareRange<1.4.11.02

AND

ciscosf302-08mpMatch-

Node

ciscosg300-28_firmwareRange<1.4.11.02

AND

ciscosg300-28Match-

Node

ciscosf300-48_firmwareRange<1.4.11.02

AND

ciscosf300-48Match-

Node

ciscosg300-20_firmwareRange<1.4.11.02

AND

ciscosg300-20Match-

Node

ciscosf302-08p_firmwareRange<1.4.11.02

AND

ciscosf302-08pMatch-

Node

ciscosg300-52_firmwareRange<1.4.11.02

AND

ciscosg300-52Match-

Node

ciscosf300-24_firmwareRange<1.4.11.02

AND

ciscosf300-24Match-

Node

ciscosf302-08_firmwareRange<1.4.11.02

AND

ciscosf302-08Match-

Node

ciscosf300-24mp_firmwareRange<1.4.11.02

AND

ciscosf300-24mpMatch-

Node

ciscosg300-10sfp_firmwareRange<1.4.11.02

AND

ciscosg300-10sfpMatch-

Node

ciscosg300-28mp_firmwareRange<1.4.11.02

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52p_firmwareRange<1.4.11.02

AND

ciscosg300-52pMatch-

Node

ciscosg300-52mp_firmwareRange<1.4.11.02

AND

ciscosg300-52mpMatch-

Node

ciscosg500-28mpp_firmwareRange<1.4.11.02

AND

ciscosg500-28mppMatch-

Node

ciscosg500-52mp_firmwareRange<1.4.11.02

AND

ciscosg500-52mpMatch-

Node

ciscosg500xg-8f8t_firmwareRange<1.4.11.02

AND

ciscosg500xg-8f8tMatch-

Node

ciscosf500-24_firmwareRange<1.4.11.02

AND

ciscosf500-24Match-

Node

ciscosf500-24p_firmwareRange<1.4.11.02

AND

ciscosf500-24pMatch-

Node

ciscosf500-48_firmwareRange<1.4.11.02

AND

ciscosf500-48Match-

Node

ciscosf500-48p_firmwareRange<1.4.11.02

AND

ciscosf500-48pMatch-

Node

ciscosg500-28_firmwareRange<1.4.11.02

AND

ciscosg500-28Match-

Node

ciscosg500-28p_firmwareRange<1.4.11.02

AND

ciscosg500-28pMatch-

Node

ciscosg500-52_firmwareRange<1.4.11.02

AND

ciscosg500-52Match-

Node

ciscosg500-52p_firmwareRange<1.4.11.02

AND

ciscosg500-52pMatch-

Node

ciscosg500x-24_firmwareRange<1.4.11.02

AND

ciscosg500x-24Match-

Node

ciscosg500x-24p_firmwareRange<1.4.11.02

AND

ciscosg500x-24pMatch-

Node

ciscosg500x-48_firmwareRange<1.4.11.02

AND

ciscosg500x-48Match-

Node

ciscosg500x-48p_firmwareRange<1.4.11.02

AND

ciscosg500x-48pMatch-

VendorProductVersionCPE
ciscosf250-24-cpe:2.3:h:cisco:sf250-24:-:*:*:*:*:*:*:*
ciscosf250-24_firmware*cpe:2.3:o:cisco:sf250-24_firmware:*:*:*:*:*:*:*:*
ciscosf250-24p-cpe:2.3:h:cisco:sf250-24p:-:*:*:*:*:*:*:*
ciscosf250-24p_firmware*cpe:2.3:o:cisco:sf250-24p_firmware:*:*:*:*:*:*:*:*
ciscosf250-48-cpe:2.3:h:cisco:sf250-48:-:*:*:*:*:*:*:*
ciscosf250-48_firmware*cpe:2.3:o:cisco:sf250-48_firmware:*:*:*:*:*:*:*:*
ciscosf250-48hp-cpe:2.3:h:cisco:sf250-48hp:-:*:*:*:*:*:*:*
ciscosf250-48hp_firmware*cpe:2.3:o:cisco:sf250-48hp_firmware:*:*:*:*:*:*:*:*
ciscosf250-08-cpe:2.3:h:cisco:sf250-08:-:*:*:*:*:*:*:*
ciscosf250-08_firmware*cpe:2.3:o:cisco:sf250-08_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sf250-24	-	cpe:2.3:h:cisco:sf250-24:-:::::::*
cisco	sf250-24_firmware	*	cpe:2.3:o:cisco:sf250-24_firmware::::::::
cisco	sf250-24p	-	cpe:2.3:h:cisco:sf250-24p:-:::::::*
cisco	sf250-24p_firmware	*	cpe:2.3:o:cisco:sf250-24p_firmware::::::::
cisco	sf250-48	-	cpe:2.3:h:cisco:sf250-48:-:::::::*
cisco	sf250-48_firmware	*	cpe:2.3:o:cisco:sf250-48_firmware::::::::
cisco	sf250-48hp	-	cpe:2.3:h:cisco:sf250-48hp:-:::::::*
cisco	sf250-48hp_firmware	*	cpe:2.3:o:cisco:sf250-48hp_firmware::::::::
cisco	sf250-08	-	cpe:2.3:h:cisco:sf250-08:-:::::::*
cisco	sf250-08_firmware	*	cpe:2.3:o:cisco:sf250-08_firmware::::::::

Rows per page:

1-10 of 2161

CNA Affected

[
  {
    "product": "Cisco Small Business 250 Series Smart Switches Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

Related for CVE-2019-12636