Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2019-1914
HistoryAug 07, 2019 - 6:15 a.m.

CVE-2019-1914

2019-08-0706:15:12
CWE-20
cisco
web.nvd.nist.gov
181
cisco
small business
switches
vulnerability
command injection
cve-2019-1914
security
nvd

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.

Affected configurations

Nvd
Node
ciscosf-220-24_firmwareRange<1.1.4.4
AND
ciscosf-220-24Match-
Node
ciscosf220-24p_firmwareRange<1.1.4.4
AND
ciscosf220-24pMatch-
Node
ciscosf220-48_firmwareRange<1.1.4.4
AND
ciscosf220-48Match-
Node
ciscosf220-48p_firmwareRange<1.1.4.4
AND
ciscosf220-48pMatch-
Node
ciscosg220-26_firmwareRange<1.1.4.4
AND
ciscosg220-26Match-
Node
ciscosg220-26p_firmwareRange<1.1.4.4
AND
ciscosg220-26pMatch-
Node
ciscosg220-28_firmwareRange<1.1.4.4
AND
ciscosg220-28Match-
Node
ciscosg220-28mp_firmwareRange<1.1.4.4
AND
ciscosg220-28mpMatch-
Node
ciscosg220-50_firmwareRange<1.1.4.4
AND
ciscosg220-50Match-
Node
ciscosg220-50p_firmwareRange<1.1.4.4
AND
ciscosg220-50pMatch-
Node
ciscosg220-52_firmwareRange<1.1.4.4
AND
ciscosg220-52Match-
VendorProductVersionCPE
ciscosf-220-24_firmware*cpe:2.3:o:cisco:sf-220-24_firmware:*:*:*:*:*:*:*:*
ciscosf-220-24-cpe:2.3:h:cisco:sf-220-24:-:*:*:*:*:*:*:*
ciscosf220-24p_firmware*cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*
ciscosf220-24p-cpe:2.3:h:cisco:sf220-24p:-:*:*:*:*:*:*:*
ciscosf220-48_firmware*cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*
ciscosf220-48-cpe:2.3:h:cisco:sf220-48:-:*:*:*:*:*:*:*
ciscosf220-48p_firmware*cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*
ciscosf220-48p-cpe:2.3:h:cisco:sf220-48p:-:*:*:*:*:*:*:*
ciscosg220-26_firmware*cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*
ciscosg220-26-cpe:2.3:h:cisco:sg220-26:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 221

CNA Affected

[
  {
    "product": "Cisco Small Business 220 Series Smart Plus Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.1.4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cisco 1
nvd 1
cvelist 1
prion 1
zdt 1
packetstorm 1
exploitdb 1
threatpost 1
cisco
cisco
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
2019-08-06 14:00:00
nvd
nvd
CVE-2019-1914
2019-08-07 06:15:12
cvelist
cvelist
CVE-2019-1914 Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
2019-08-07 05:50:11
prion
prion
Command injection
2019-08-07 06:15:00
zdt
zdt
Cisco Small Business 220 Series - Multiple Vulnerabilities
2019-10-01 00:00:00
packetstorm
packetstorm
Realtek Managed Switch Controller (RTL83xx) Stack Overflow
2019-09-30 00:00:00
exploitdb
exploitdb
Cisco Small Business 220 Series - Multiple Vulnerabilities
2019-09-30 00:00:00
threatpost
threatpost
Cisco Patches Six Critical Bugs in UCS Gear and Switches
2019-08-21 17:38:24

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON
Related for CVE-2019-1914
cisco1nvd1cvelist1prion1zdt1packetstorm1exploitdb1threatpost1