Lucene search

CiscoCVE-2019-12718

HistoryOct 16, 2019 - 7:15 p.m.

CVE-2019-12718

2019-10-1619:15:11

CWE-79

cisco

web.nvd.nist.gov

cve-2019-12718

vulnerability

web interface

cisco

small business

smart switches

managed switches

cross-site scripting

xss

remote attacker

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specific web interface page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Affected configurations

Nvd

Node

ciscosf250-24Match-

AND

ciscosf250-24_firmwareRange<2.5.0.90

Node

ciscosf250-24pMatch-

AND

ciscosf250-24p_firmwareRange<2.5.0.90

Node

ciscosf250-48Match-

AND

ciscosf250-48_firmwareRange<2.5.0.90

Node

ciscosf250-48hpMatch-

AND

ciscosf250-48hp_firmwareRange<2.5.0.90

Node

ciscosf250-08Match-

AND

ciscosf250-08_firmwareRange<2.5.0.90

Node

ciscosf250-08hpMatch-

AND

ciscosf250-08hp_firmwareRange<2.5.0.90

Node

ciscosf250-10pMatch-

AND

ciscosf250-10p_firmwareRange<2.5.0.90

Node

ciscosf250-18Match-

AND

ciscosf250-18_firmwareRange<2.5.0.90

Node

ciscosf250-26_firmwareRange<2.5.0.90

AND

ciscosf250-26Match-

Node

ciscosf250-26hp_firmwareRange<2.5.0.90

AND

ciscosf250-26hpMatch-

Node

ciscosf250-26p_firmwareRange<2.5.0.90

AND

ciscosf250-26pMatch-

Node

ciscosf250-50_firmwareRange<2.5.0.90

AND

ciscosf250-50Match-

Node

ciscosf250-50hp_firmwareRange<2.5.0.90

AND

ciscosf250-50hpMatch-

Node

ciscosf250-50p_firmwareRange<2.5.0.90

AND

ciscosf250-50pMatch-

Node

ciscosf250x-24_firmwareRange<2.5.0.90

AND

ciscosf250x-24Match-

Node

ciscosf250x-24p_firmwareRange<2.5.0.90

AND

ciscosf250x-24pMatch-

Node

ciscosf250x-48_firmwareRange<2.5.0.90

AND

ciscosf250x-48Match-

Node

ciscosf250x-48p_firmwareRange<2.5.0.90

AND

ciscosf250x-48pMatch-

Node

ciscosg350-10_firmwareRange<2.5.0.90

AND

ciscosg350-10Match-

Node

ciscosg350-10p_firmwareRange<2.5.0.90

AND

ciscosg350-10pMatch-

Node

ciscosg350-10mp_firmwareRange<2.5.0.90

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10p_firmwareRange<2.5.0.90

AND

ciscosg355-10pMatch-

Node

ciscosg350-28_firmwareRange<2.5.0.90

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange<2.5.0.90

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange<2.5.0.90

AND

ciscosg350-28mpMatch-

Node

ciscosf350-48_firmwareRange<2.5.0.90

AND

ciscosf350-48Match-

Node

ciscosf350-48p_firmwareRange<2.5.0.90

AND

ciscosf350-48pMatch-

Node

ciscosf350-48mp_firmwareRange<2.5.0.90

AND

ciscosf350-48mpMatch-

Node

ciscosx550x-16ft_firmwareRange<2.5.0.90

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange<2.5.0.90

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12f_firmwareRange<2.5.0.90

AND

ciscosx550x-12fMatch-

Node

ciscosx550x-24f_firmwareRange<2.5.0.90

AND

ciscosx550x-24fMatch-

Node

ciscosx550x-24_firmwareRange<2.5.0.90

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange<2.5.0.90

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange<2.5.0.90

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange<2.5.0.90

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange<2.5.0.90

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange<2.5.0.90

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange<2.5.0.90

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange<2.5.0.90

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange<2.5.0.90

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange<2.5.0.90

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange<2.5.0.90

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-24mp_firmwareRange<2.5.0.90

AND

ciscosf550x-24mpMatch-

Node

ciscosf550x-48_firmwareRange<2.5.0.90

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange<2.5.0.90

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange<2.5.0.90

AND

ciscosf550x-48mpMatch-

Node

ciscosf200-24_firmwareRange<1.4.11

AND

ciscosf200-24Match-

Node

ciscosf200-24fp_firmwareRange<1.4.11

AND

ciscosf200-24fpMatch-

Node

ciscosf200-24p_firmwareRange<1.4.11

AND

ciscosf200-24pMatch-

Node

ciscosf200-48_firmwareRange<1.4.11

AND

ciscosf200-48Match-

Node

ciscosf200-48p_firmwareRange<1.4.11

AND

ciscosf200-48pMatch-

Node

ciscosf200e-24_firmwareRange<1.4.11

AND

ciscosf200e-24Match-

Node

ciscosf200e-24p_firmwareRange<1.4.11

AND

ciscosf200e-24pMatch-

Node

ciscosf200e-48_firmwareRange<1.4.11

AND

ciscosf200e-48Match-

Node

ciscosf200e48p_firmwareRange<1.4.11

AND

ciscosf200e48pMatch-

Node

ciscosg200-08_firmwareRange<1.4.11

AND

ciscosg200-08Match-

Node

ciscosg200-08p_firmwareRange<1.4.11

AND

ciscosg200-08pMatch-

Node

ciscosg200-10fp_firmwareRange<1.4.11

AND

ciscosg200-10fpMatch-

Node

ciscosg200-18_firmwareRange<1.4.11

AND

ciscosg200-18Match-

Node

ciscosg200-26_firmwareRange<1.4.11

AND

ciscosg200-26Match-

Node

ciscosg200-26fp_firmwareRange<1.4.11

AND

ciscosg200-26fpMatch-

Node

ciscosg200-26p_firmwareRange<1.4.11

AND

ciscosg200-26pMatch-

Node

ciscosg200-50_firmwareRange<1.4.11

AND

ciscosg200-50Match-

Node

ciscosg200-50fp_firmwareRange<1.4.11

AND

ciscosg200-50fpMatch-

Node

ciscosg200-50p_firmwareRange<1.4.11

AND

ciscosg200-50pMatch-

Node

ciscosf302-08pp_firmwareRange<1.4.11

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mpp_firmwareRange<1.4.11

AND

ciscosf302-08mppMatch-

Node

ciscosg300-10pp_firmwareRange<1.4.11

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mpp_firmwareRange<1.4.11

AND

ciscosg300-10mppMatch-

Node

ciscosf300-24pp_firmwareRange<1.4.11

AND

ciscosf300-24ppMatch-

Node

ciscosf300-48pp_firmwareRange<1.4.11

AND

ciscosf300-48ppMatch-

Node

ciscosg300-28pp_firmwareRange<1.4.11

AND

ciscosg300-28ppMatch-

Node

ciscosf300-08_firmwareRange<1.4.11

AND

ciscosf300-08Match-

Node

ciscosf300-48p_firmwareRange<1.4.11

AND

ciscosf300-48pMatch-

Node

ciscosg300-10mp_firmwareRange<1.4.11

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10p_firmwareRange<1.4.11

AND

ciscosg300-10pMatch-

Node

ciscosg300-10_firmwareRange<1.4.11

AND

ciscosg300-10Match-

Node

ciscosg300-28p_firmwareRange<1.4.11

AND

ciscosg300-28pMatch-

Node

ciscosf300-24p_firmwareRange<1.4.11

AND

ciscosf300-24pMatch-

Node

ciscosf302-08mp_firmwareRange<1.4.11

AND

ciscosf302-08mpMatch-

Node

ciscosg300-28_firmwareRange<1.4.11

AND

ciscosg300-28Match-

Node

ciscosf300-48_firmwareRange<1.4.11

AND

ciscosf300-48Match-

Node

ciscosg300-20_firmwareRange<1.4.11

AND

ciscosg300-20Match-

Node

ciscosf302-08p_firmwareRange<1.4.11

AND

ciscosf302-08pMatch-

Node

ciscosg300-52_firmwareRange<1.4.11

AND

ciscosg300-52Match-

Node

ciscosf300-24_firmwareRange<1.4.11

AND

ciscosf300-24Match-

Node

ciscosf302-08_firmwareRange<1.4.11

AND

ciscosf302-08Match-

Node

ciscosf300-24mp_firmwareRange<1.4.11

AND

ciscosf300-24mpMatch-

Node

ciscosg300-10sfp_firmwareRange<1.4.11

AND

ciscosg300-10sfpMatch-

Node

ciscosg300-28mp_firmwareRange<1.4.11

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52p_firmwareRange<1.4.11

AND

ciscosg300-52pMatch-

Node

ciscosg300-52mp_firmwareRange<1.4.11

AND

ciscosg300-52mpMatch-

Node

ciscosg500-28mpp_firmwareRange<1.4.11

AND

ciscosg500-28mppMatch-

Node

ciscosg500-52mp_firmwareRange<1.4.11

AND

ciscosg500-52mpMatch-

Node

ciscosg500xg-8f8t_firmwareRange<1.4.11

AND

ciscosg500xg-8f8tMatch-

Node

ciscosf500-24_firmwareRange<1.4.11

AND

ciscosf500-24Match-

Node

ciscosf500-24p_firmwareRange<1.4.11

AND

ciscosf500-24pMatch-

Node

ciscosf500-48_firmwareRange<1.4.11

AND

ciscosf500-48Match-

Node

ciscosf500-48p_firmwareRange<1.4.11

AND

ciscosf500-48pMatch-

Node

ciscosg500-28_firmwareRange<1.4.11

AND

ciscosg500-28Match-

Node

ciscosg500-28p_firmwareRange<1.4.11

AND

ciscosg500-28pMatch-

Node

ciscosg500-52_firmwareRange<1.4.11

AND

ciscosg500-52Match-

Node

ciscosg500-52p_firmwareRange<1.4.11

AND

ciscosg500-52pMatch-

Node

ciscosg500x-24_firmwareRange<1.4.11

AND

ciscosg500x-24Match-

Node

ciscosg500x-24p_firmwareRange<1.4.11

AND

ciscosg500x-24pMatch-

Node

ciscosg500x-48_firmwareRange<1.4.11

AND

ciscosg500x-48Match-

Node

ciscosg500x-48p_firmwareRange<1.4.11

AND

ciscosg500x-48pMatch-

VendorProductVersionCPE
ciscosf250-24-cpe:2.3:h:cisco:sf250-24:-:*:*:*:*:*:*:*
ciscosf250-24_firmware*cpe:2.3:o:cisco:sf250-24_firmware:*:*:*:*:*:*:*:*
ciscosf250-24p-cpe:2.3:h:cisco:sf250-24p:-:*:*:*:*:*:*:*
ciscosf250-24p_firmware*cpe:2.3:o:cisco:sf250-24p_firmware:*:*:*:*:*:*:*:*
ciscosf250-48-cpe:2.3:h:cisco:sf250-48:-:*:*:*:*:*:*:*
ciscosf250-48_firmware*cpe:2.3:o:cisco:sf250-48_firmware:*:*:*:*:*:*:*:*
ciscosf250-48hp-cpe:2.3:h:cisco:sf250-48hp:-:*:*:*:*:*:*:*
ciscosf250-48hp_firmware*cpe:2.3:o:cisco:sf250-48hp_firmware:*:*:*:*:*:*:*:*
ciscosf250-08-cpe:2.3:h:cisco:sf250-08:-:*:*:*:*:*:*:*
ciscosf250-08_firmware*cpe:2.3:o:cisco:sf250-08_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sf250-24	-	cpe:2.3:h:cisco:sf250-24:-:::::::*
cisco	sf250-24_firmware	*	cpe:2.3:o:cisco:sf250-24_firmware::::::::
cisco	sf250-24p	-	cpe:2.3:h:cisco:sf250-24p:-:::::::*
cisco	sf250-24p_firmware	*	cpe:2.3:o:cisco:sf250-24p_firmware::::::::
cisco	sf250-48	-	cpe:2.3:h:cisco:sf250-48:-:::::::*
cisco	sf250-48_firmware	*	cpe:2.3:o:cisco:sf250-48_firmware::::::::
cisco	sf250-48hp	-	cpe:2.3:h:cisco:sf250-48hp:-:::::::*
cisco	sf250-48hp_firmware	*	cpe:2.3:o:cisco:sf250-48hp_firmware::::::::
cisco	sf250-08	-	cpe:2.3:h:cisco:sf250-08:-:::::::*
cisco	sf250-08_firmware	*	cpe:2.3:o:cisco:sf250-08_firmware::::::::

Rows per page:

1-10 of 2161

CNA Affected

[
  {
    "product": "Cisco Small Business 200 Series Smart Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for CVE-2019-12718