CVE-2019-12636

Name of the Vulnerable Software and Affected Versions Cisco Small Business Switches versions (affected versions not specified)

Description The issue is related to a lack of protection against cross-site request forgery (CSRF) attacks in the web-based management interface. This could allow a remote attacker to modify the device configuration or cause a denial of service (DoS) condition by persuading a user to follow a malicious link. The attacker could perform arbitrary actions with the privilege level of the targeted user, potentially altering the configuration, executing commands, or causing a DoS condition if the user has administrative privileges.

Recommendations For all affected versions, consider disabling access to the web-based management interface until a patch is available. Restrict access to the management interface to minimize the risk of exploitation. Avoid using the interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.