CVE-2019-1859

CVE-2019-1859 · PUBLISHED · CVSS 7.2 HIGH

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.

EPSS 0.18% · 39.4th percentile

Risk Scores

CVSS 3.0: 7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.18% (39.4th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| cisco | sg350-10mp_firmware | 0 |
| cisco | sg200-18_firmware | 0 |
| cisco | sg500-28p_firmware | 0 |
| cisco | sg250-50hp_firmware | 0 |
| cisco | sf302-08p_firmware | 0 |
| cisco | sg300-52_firmware | 0 |
| cisco | sg250-18_firmware | 0 |
| cisco | sg250-26_firmware | 0 |
| cisco | sf350-48_firmware | 0 |
| cisco | sf250-24p_firmware | 0 |
| cisco | sg250x-48_firmware | 0 |
| cisco | sg300-52p_firmware | 0 |
| Cisco | Cisco Small Business 200 Series Smart Switches | unspecified, unspecified |
| cisco | sf200-24p_firmware | 0 |
| cisco | sg300-10pp_firmware | 0 |
| cisco | sg550x-24p_firmware | 0 |
| cisco | sf550x-24_firmware | 0 |
| cisco | sf550x-24mp_firmware | 0 |
| cisco | sg250-08hp_firmware | 0 |
| cisco | sg350-10_firmware | 0 |

…and 95 more

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
