Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
CVE-2019-1913

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Small Business 220 Series Smart Plus Switches
Vendor: CVE Published:; 7 August 2019

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.

Affected Version(s)

Cisco Small Business 220 Series Smart Plus Switches < 1.1.4.4

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://packetstormsecurity.com/files/154667/Realtek-Manag...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Aug 7, 2019
Vulnerability Reserved
Dec 6, 2018