Lucene search

[email protected]CVE-2019-1892

HistoryJul 06, 2019 - 2:15 a.m.

CVE-2019-1892

2019-07-0602:15:00

CWE-119

[email protected]

web.nvd.nist.gov

401

cve-2019-1892

ssl

cisco

small business

managed switches

remote attacker

memory corruption

denial of service

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.3%

JSON

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

CPENameOperatorVersion
cisco:sf200-24_firmwarecisco sf200-24 firmwarelt1.4.10.6
cisco:sf200-24p_firmwarecisco sf200-24p firmwarelt1.4.10.6
cisco:sf200-48_firmwarecisco sf200-48 firmwarelt1.4.10.6
cisco:sf200-48p_firmwarecisco sf200-48p firmwarelt1.4.10.6
cisco:sg200-18_firmwarecisco sg200-18 firmwarelt1.4.10.6
cisco:sg200-26_firmwarecisco sg200-26 firmwarelt1.4.10.6
cisco:sg200-26p_firmwarecisco sg200-26p firmwarelt1.4.10.6
cisco:sg200-50_firmwarecisco sg200-50 firmwarelt1.4.10.6
cisco:sg200-50p_firmwarecisco sg200-50p firmwarelt1.4.10.6
cisco:sg300-10_firmwarecisco sg300-10 firmwarelt1.4.10.6

CPE	Name	Operator	Version
cisco:sf200-24_firmware	cisco sf200-24 firmware	lt	1.4.10.6
cisco:sf200-24p_firmware	cisco sf200-24p firmware	lt	1.4.10.6
cisco:sf200-48_firmware	cisco sf200-48 firmware	lt	1.4.10.6
cisco:sf200-48p_firmware	cisco sf200-48p firmware	lt	1.4.10.6
cisco:sg200-18_firmware	cisco sg200-18 firmware	lt	1.4.10.6
cisco:sg200-26_firmware	cisco sg200-26 firmware	lt	1.4.10.6
cisco:sg200-26p_firmware	cisco sg200-26p firmware	lt	1.4.10.6
cisco:sg200-50_firmware	cisco sg200-50 firmware	lt	1.4.10.6
cisco:sg200-50p_firmware	cisco sg200-50p firmware	lt	1.4.10.6
cisco:sg300-10_firmware	cisco sg300-10 firmware	lt	1.4.10.6

Rows per page:

1-10 of 571

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for CVE-2019-1892

prion1 attackerkb1 cvelist1 cisco1