VDB
CVE-2019-1814
CVE-2019-1814
PUBLISHED
CVSS 6.800000190734863 MEDIUM
A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device.
EPSS 0.33% · 56.5th percentile
Risk Scores
CVSS 3.0
6.800000190734863
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.33%
56.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Small Business 300 Series Managed Switches | 1.4.0.88 |
| cisco | sf300-24p_firmware | 0 |
| cisco | sg300-28p_firmware | 0 |
| cisco | sg300-10p_firmware | 0 |
| cisco | sg300-10mp_firmware | 0 |
| cisco | sg300-52_firmware | 0 |
| cisco | sf300-48p_firmware | 0 |
| cisco | sf300-08_firmware | 0 |
| cisco | sg300-28mp_firmware | 0 |
| cisco | sf302-08mp_firmware | 0 |
| cisco | sf302-08pp_firmware | 0 |
| cisco | sf300-24mp_firmware | 0 |
| cisco | sg300-20_firmware | 0 |
| cisco | sf300-24pp_firmware | 0 |
| cisco | sg300-10sfp_firmware | 0 |
| cisco | sg300-10mpp_firmware | 0 |
| cisco | sg300-10_firmware | 0 |
| cisco | sf300-48pp_firmware | 0 |
| cisco | sg300-28pp_firmware | 0 |
| cisco | sf300-48_firmware | 0 |
…and 8 more
Exploit Intelligence
Timeline
- May 15, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score