PT-2019-2645 · Cisco · Cisco Small Business 300 Series Managed Switches+2

Published

2019-07-03

Updated

2019-10-09

CVE-2019-1891

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco Small Business 200, 300, and 500 Series Managed Switches (affected versions not specified)

Description The issue is caused by insufficient validation of input data in the web interface of the affected devices. This could allow a remote attacker to cause a denial of service (DoS) condition by sending a specially crafted request to the web interface. A successful exploit may result in an unexpected reload of the device, leading to a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-02531

CVE-2019-1891

Affected Products

Cisco Small Business 200 Series Managed Switches

Cisco Small Business 300 Series Managed Switches

Cisco Small Business 500 Series Managed Switches

PT-2019-2645 · Cisco · Cisco Small Business 300 Series Managed Switches+2

CVE-2019-1891

Weakness Enumeration

Related Identifiers

Affected Products

References · 6