CVE-2019-1913 CRITICAL

CVE-2019-1913: Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities

Vendor: Cisco
Product: Cisco Small Business 220 Series Smart Plus Switches
Weakness: CWE-119
Published: August 7, 2019
Last update: November 19, 2024

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.

Key dates

02 Disclosure timeline

August 7, 2019: CVE published
November 19, 2024: Record updated

Related vulnerabilities

04 Related CVE