CVE-2019-15993

high-risk
Published 2020-09-23

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls for information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, including configuration files.

Do I need to act?

12.4% chance of exploitation in next 30 days (EPSS score, higher than 88% of all CVEs)
Not on CISA KEV list (no confirmed active exploitation reported to CISA)
1 public exploit available
Patch status unknown (check vendor advisories for fix availability and mitigation guidance)
CVSS 5.3/10 Medium (NETWORK / LOW complexity)

Affected Products (20)

Sg250X-24 Firmware
Sg250X-24P Firmware
Sg250X-48 Firmware
Sg250X-48P Firmware
Sg250-08 Firmware
Sg250-08Hp Firmware
Sg250-10P Firmware
Sg250-18 Firmware
Sg250-26 Firmware
Sg250-26Hp Firmware
Sg250-26P Firmware
Sg250-50 Firmware
Sg250-50Hp Firmware
Sg250-50P Firmware
Sf250-24 Firmware
Sf250-24P Firmware
Sf250-48 Firmware
Sf250-48Hp Firmware

Affected Vendors

64 / 100 high-risk
Severity 21/34 · High
Exploitability 12/34 · Low
Exposure 31/34 · Critical