Lucene search

[email protected]CVE-2019-1912

HistoryAug 07, 2019 - 6:15 a.m.

CVE-2019-1912

2019-08-0706:15:00

CWE-863

[email protected]

web.nvd.nist.gov

101

cisco

small business

smart switches

vulnerability

remote file upload

cve-2019-1912

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

56.7%

JSON

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.

CPENameOperatorVersion
cisco:sf-220-24_firmwarecisco sf-220-24 firmwarelt1.1.4.4
cisco:sf220-24p_firmwarecisco sf220-24p firmwarelt1.1.4.4
cisco:sf220-48_firmwarecisco sf220-48 firmwarelt1.1.4.4
cisco:sf220-48p_firmwarecisco sf220-48p firmwarelt1.1.4.4
cisco:sg220-26_firmwarecisco sg220-26 firmwarelt1.1.4.4
cisco:sg220-26p_firmwarecisco sg220-26p firmwarelt1.1.4.4
cisco:sg220-28_firmwarecisco sg220-28 firmwarelt1.1.4.4
cisco:sg220-28mp_firmwarecisco sg220-28mp firmwarelt1.1.4.4
cisco:sg220-50_firmwarecisco sg220-50 firmwarelt1.1.4.4
cisco:sg220-50p_firmwarecisco sg220-50p firmwarelt1.1.4.4

CPE	Name	Operator	Version
cisco:sf-220-24_firmware	cisco sf-220-24 firmware	lt	1.1.4.4
cisco:sf220-24p_firmware	cisco sf220-24p firmware	lt	1.1.4.4
cisco:sf220-48_firmware	cisco sf220-48 firmware	lt	1.1.4.4
cisco:sf220-48p_firmware	cisco sf220-48p firmware	lt	1.1.4.4
cisco:sg220-26_firmware	cisco sg220-26 firmware	lt	1.1.4.4
cisco:sg220-26p_firmware	cisco sg220-26p firmware	lt	1.1.4.4
cisco:sg220-28_firmware	cisco sg220-28 firmware	lt	1.1.4.4
cisco:sg220-28mp_firmware	cisco sg220-28mp firmware	lt	1.1.4.4
cisco:sg220-50_firmware	cisco sg220-50 firmware	lt	1.1.4.4
cisco:sg220-50p_firmware	cisco sg220-50p firmware	lt	1.1.4.4

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RTL83xx-Stack-Overflow.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2019-1912

cisco1 prion1 talosblog1 zdt1 packetstorm1 threatpost1