Vulnslist

find the latest Cisco vulnerabilities

Cisco Small Business Switches Information Disclosure Vulnerability

cisco-sa-20200129-smlbus-switch-disclos · High · Published · Updated

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2019-15993
Cisco Bug IDsCSCvr54104, CSCvs68748
CVSS ScoreBase 7.5
Base 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Small Business 200 Series Smart Switches, Cisco Small Business 250 Series Smart Switches Software, Cisco Small Business 350 Series Managed Switches Software, Cisco Small Business 350X Series Managed Switches Software, Cisco Small Business 550X Series Stackable Managed Switches Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Small Business 200 Series Smart Switches known_affected cisco_csaf CVE-2019-15993 1
Cisco Small Business 250 Series Smart Switches Software known_affected cisco_csaf CVE-2019-15993 1
Cisco Small Business 350 Series Managed Switches Software known_affected cisco_csaf CVE-2019-15993 1
Cisco Small Business 350X Series Managed Switches Software known_affected cisco_csaf CVE-2019-15993 1
Cisco Small Business 550X Series Stackable Managed Switches Software known_affected cisco_csaf CVE-2019-15993 1

Related Products

Product CVE Evidence
Cisco Small Business 200 Series Smart Switches CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 250 Series Smart Switches Software CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 350 Series Managed Switches Software CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 350X Series Managed Switches Software CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 550X Series Stackable Managed Switches Software CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Business 250 Series Smart Switches CVE-2019-15993 Cisco OpenVuln
Cisco Business 350 Series Managed Switches CVE-2019-15993 Cisco OpenVuln
200 Series Smart Switches CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 250 Series Smart Switches CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 350 Series Managed Switches CVE-2019-15993 Cisco OpenVuln · family-level
Cisco Small Business 350X Series Stackable Managed Switches CVE-2019-15993 Cisco OpenVuln
Cisco Small Business 550X Series Stackable Managed Switches CVE-2019-15993 Cisco OpenVuln · family-level