CVE-2019-1914

moderate-risk

Published 2019-08-07

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.

Do I need to act?

2.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47442

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (11)

Sf-220-24 Firmware

Sf220-24P Firmware

Sf220-48 Firmware

Sf220-48P Firmware

Sg220-26 Firmware

Sg220-26P Firmware

Sg220-28 Firmware

Sg220-28Mp Firmware

Sg220-50 Firmware

Sg220-50P Firmware

Sg220-52 Firmware

Affected Vendors

Cisco

References (4)

http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RT...

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RT...

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 6/34 · Minimal

Exposure 16/34 · Moderate