PT-2019-2898 · Cisco · Cisco Small Business 220 Series Smart Switches
Bashis · Published 2019-08-06 · Updated 2020-10-16 · CVE-2019-1912
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Small Business 220 Series Smart Switches versions prior to 1.1.4.4
Description
A vulnerability in the web management interface could allow an unauthenticated, remote attacker to upload arbitrary files due to incomplete authorization checks. An attacker could exploit this by sending a malicious request to certain parts of the web management interface, potentially via HTTP or HTTPS, depending on the switch's configuration. A successful exploit could allow the attacker to modify the device's configuration or inject a reverse shell.
Recommendations
For versions prior to 1.1.4.4, update the firmware to version 1.1.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the web management interface until a patch is available. Restrict access to the web management interface to minimize the risk of exploitation. Avoid using the web management interface via HTTP or HTTPS until the issue is resolved.
Exploit
Fix
Incorrect Authorization
Improper Authorization
Related identifiers
Affected products
Cisco Small Business 220 Series Smart Switches