CVE-2019-1913

high-risk

Published 2019-08-07

Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.

Do I need to act?

14.2% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47442

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (11)

Sf-220-24 Firmware

Sf220-24P Firmware

Sf220-48 Firmware

Sf220-48P Firmware

Sg220-26 Firmware

Sg220-26P Firmware

Sg220-28 Firmware

Sg220-28Mp Firmware

Sg220-50 Firmware

Sg220-50P Firmware

Sg220-52 Firmware

Affected Vendors

Cisco

References (4)

http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RT...

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RT...

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 12/34 · Low

Exposure 16/34 · Moderate