VDB

CVE-2019-15993

CVE-2019-15993 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

EPSS 12.34% · 94.0th percentile

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
12.34%
94.0th percentile

Affected Products

VendorProductVersions
ciscosf250-24p_firmware0
ciscosg350-10mp_firmware0
ciscosf550x-24mp_firmware0
ciscosg350x-48mp_firmware0
ciscosg500x-24_firmware0
ciscosg250x-48p_firmware0
ciscosf300-48_firmware0
ciscosx550x-52_firmware0
ciscosg350-28mp_firmware0
ciscosg350x-24mp_firmware0
ciscosg300-10sfp_firmware0
ciscosf200-24p_firmware0, 0
ciscosg500-52p_firmware0
ciscosg350x-24p_firmware0
ciscosf550x-24p_firmware0
ciscosg250-26hp_firmware0
ciscosg250-10p_firmware0
ciscosg500-28_firmware0
ciscosg300-28pp_firmware0
ciscosf500-24_firmware0

…and 95 more

Exploit Intelligence

Timeline

  • Sep 23, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›