CVE-2019-1913

Name of the Vulnerable Software and Affected Versions Cisco Small Business 220 Series (affected versions not specified)

Description The issue is related to errors in input validation and buffer overflow in the memory, allowing a remote attacker to potentially elevate privileges and execute arbitrary code by sending specially crafted HTTP or HTTPS requests, depending on the device's configuration. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer.

Recommendations For Cisco Small Business 220 Series, consider restricting access to the web management interface until a fix is available. As a temporary workaround, avoid using the web management interface for administrative tasks until the issue is resolved. Restrict access to the device via HTTP or HTTPS to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.