History: Aug 07, 2019 - 6:15 a.m.

CVE-2019-1913

2019-08-07 06:15:11
CWE-119
cisco
web.nvd.nist.gov
Tags: cve-2019-1913, cisco, small business, 220 series, smart switches, vulnerability, web management, buffer overflow, arbitrary code execution, nvd

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.008
Percentile: 81.5%

Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.

Affected configurations

Nvd

Node: cisco sf-220-24_firmware, Range <1.1.4.4 AND cisco sf-220-24, Match -
Node: cisco sf220-24p_firmware, Range <1.1.4.4 AND cisco sf220-24p, Match -
Node: cisco sf220-48_firmware, Range <1.1.4.4 AND cisco sf220-48, Match -
Node: cisco sf220-48p_firmware, Range <1.1.4.4 AND cisco sf220-48p, Match -
Node: cisco sg220-26_firmware, Range <1.1.4.4 AND cisco sg220-26, Match -
Node: cisco sg220-26p_firmware, Range <1.1.4.4 AND cisco sg220-26p, Match -
Node: cisco sg220-28_firmware, Range <1.1.4.4 AND cisco sg220-28, Match -
Node: cisco sg220-28mp_firmware, Range <1.1.4.4 AND cisco sg220-28mp, Match -
Node: cisco sg220-50_firmware, Range <1.1.4.4 AND cisco sg220-50, Match -
Node: cisco sg220-50p_firmware, Range <1.1.4.4 AND cisco sg220-50p, Match -
Node: cisco sg220-52_firmware, Range <1.1.4.4 AND cisco sg220-52, Match -

Vendor  Product              Version  CPE
cisco   sf-220-24_firmware   *        cpe:2.3:o:cisco:sf-220-24_firmware:*:*:*:*:*:*:*:*
cisco   sf-220-24            -        cpe:2.3:h:cisco:sf-220-24:-:*:*:*:*:*:*:*
cisco   sf220-24p_firmware   *        cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*
cisco   sf220-24p            -        cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*
cisco   sf220-48_firmware    *        cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*
cisco   sf220-48             -        cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*
cisco   sf220-48p_firmware   *        cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*
cisco   sf220-48p            -        cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*
cisco   sg220-26_firmware    *        cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*
cisco   sg220-26             -        cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Small Business 220 Series Smart Plus Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.1.4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
