Vulnerability Details : CVE-2019-1913
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.
Vulnerability category: Overflow
Products affected by CVE-2019-1913
- cpe:2.3:o:cisco:sf-220-24_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sf220-24p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sf220-48_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sf220-48p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-26_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-26p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-28_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-28mp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-50_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-50p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:sg220-52_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1913
0.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1913
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Cisco Systems, Inc. |
CWE ids for CVE-2019-1913
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2019-1913
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce
Cisco Small Business 220 Series Smart Switches Remote Code Execution VulnerabilitiesVendor Advisory
-
http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RTL83xx-Stack-Overflow.html
Realtek Managed Switch Controller (RTL83xx) Stack Overflow ≈ Packet Storm
Jump to