Cisco Small Business Switches Information Disclosure Vulnerability
CVE-2019-15993

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Small Business 250 Series Smart Switches Software
Vendor: CVE Published:; 23 September 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

Affected Version(s)

Cisco Small Business 250 Series Smart Switches Software

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisory

http://packetstormsecurity.com/files/171723/Cisco-Dell-Ne...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Sep 6, 2019