VDB
CVE-2019-1892
CVE-2019-1892
PUBLISHED
CVSS 7.5 HIGH
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.
EPSS 0.65% · 71.3th percentile
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.65%
71.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sg500-52p_firmware | 0 |
| cisco | sg300-10pp_firmware | 0 |
| cisco | sf302-08p_firmware | 0 |
| cisco | sg300-52mp_firmware | 0 |
| cisco | sf300-24p_firmware | 0 |
| cisco | sf500-48mp_firmware | 0 |
| cisco | sg300-10p_firmware | 0 |
| cisco | sf300-24mp_firmware | 0 |
| cisco | sg200-50p_firmware | 0 |
| cisco | sf302-08mp_firmware | 0 |
| cisco | sf300-48p_firmware | 0 |
| cisco | sg500xg8f8t_firmware | 0 |
| Cisco | Cisco Small Business 300 Series Managed Switches | unspecified |
| cisco | sf300-24pp_firmware | 0 |
| cisco | sf302-08mpp_firmware | 0 |
| cisco | sg200-50_firmware | 0 |
| cisco | sg500-52mp_firmware | 0 |
| cisco | sg500-28mpp_firmware | 0 |
| cisco | sg300-28mp_firmware | 0 |
| cisco | sg200-18_firmware | 0 |
…and 38 more
Exploit Intelligence
Timeline
- Jul 3, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-jabber-dll advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-asyncos-wsa advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-1892 advisory