PT-2020-1744 · Cisco · Cisco Small Business Switches

Published: 2020-01-29 · Updated: 2023-04-06 · CVE-2019-15993

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Small Business Switches versions 200, 250, 300, 350, 350X, 500, 550X

Description

The issue is related to inadequate data processing in the web interface of the affected devices, which could allow a remote attacker to gain unauthorized access to sensitive information. The vulnerability exists due to a lack of proper authentication controls for information accessible through the web interface. An attacker could exploit this by sending a malicious HTTP request to the web UI of an affected device, potentially allowing access to sensitive device information, including configuration files.

Recommendations

For Cisco Small Business Switches versions 200, 250, 300, 350, 350X, 500, 550X, consider disabling access to the web UI until a patch is available. Restrict access to the web UI to minimize the risk of exploitation. Avoid using the web UI for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-00984
CVE-2019-15993

Affected Products

Cisco Small Business Switches