Lucene search

[email protected]CVE-2019-15993

HistorySep 23, 2020 - 1:15 a.m.

CVE-2019-15993

2020-09-2301:15:00

CWE-287

[email protected]

web.nvd.nist.gov

cisco

small business

switches

vulnerability

web ui

authentication

remote access

information security

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

CPENameOperatorVersion
cisco:sg250x-24_firmwarecisco sg250x-24 firmwarelt2.5.0.92
cisco:sg250x-24p_firmwarecisco sg250x-24p firmwarelt2.5.0.92
cisco:sg250x-48_firmwarecisco sg250x-48 firmwarelt2.5.0.92
cisco:sg250x-48p_firmwarecisco sg250x-48p firmwarelt2.5.0.92
cisco:sg250-08_firmwarecisco sg250-08 firmwarelt2.5.0.92
cisco:sg250-08hp_firmwarecisco sg250-08hp firmwarelt2.5.0.92
cisco:sg250-10p_firmwarecisco sg250-10p firmwarelt2.5.0.92
cisco:sg250-18_firmwarecisco sg250-18 firmwarelt2.5.0.92
cisco:sg250-26_firmwarecisco sg250-26 firmwarelt2.5.0.92
cisco:sg250-26hp_firmwarecisco sg250-26hp firmwarelt2.5.0.92

CPE	Name	Operator	Version
cisco:sg250x-24_firmware	cisco sg250x-24 firmware	lt	2.5.0.92
cisco:sg250x-24p_firmware	cisco sg250x-24p firmware	lt	2.5.0.92
cisco:sg250x-48_firmware	cisco sg250x-48 firmware	lt	2.5.0.92
cisco:sg250x-48p_firmware	cisco sg250x-48p firmware	lt	2.5.0.92
cisco:sg250-08_firmware	cisco sg250-08 firmware	lt	2.5.0.92
cisco:sg250-08hp_firmware	cisco sg250-08hp firmware	lt	2.5.0.92
cisco:sg250-10p_firmware	cisco sg250-10p firmware	lt	2.5.0.92
cisco:sg250-18_firmware	cisco sg250-18 firmware	lt	2.5.0.92
cisco:sg250-26_firmware	cisco sg250-26 firmware	lt	2.5.0.92
cisco:sg250-26hp_firmware	cisco sg250-26hp firmware	lt	2.5.0.92

Rows per page:

1-10 of 1141

References

packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2019-15993

prion1 cisco1 packetstorm1 zdt1 threatpost1 exploitdb1