CVE-2019-1914

Name of the Vulnerable Software and Affected Versions Cisco Small Business 220 Series Smart Switches (affected versions not specified)

Description The issue is related to a command injection attack in the web management interface of the affected switches. This is due to insufficient validation of user-supplied input, allowing an attacker to execute arbitrary shell commands with root privileges. The attack requires a valid login session with a privilege level 15 user and can be performed by sending a malicious HTTP or HTTPS request, depending on the device's configuration.

Recommendations For Cisco Small Business 220 Series Smart Switches, consider restricting access to the web management interface until a fix is available. As a temporary workaround, limit the privileges of users who have access to the web management interface to minimize the risk of exploitation. Avoid using the web management interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.