CVE-2019-1914

CVE Database · CVE-2019-1914

CVE-2019-1914

· N/AModified

CVSS v3.1

N/A

EPSS

24.85%

Published

Aug 7, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBCisco Small Business 220 Series - Multiple Vulnerabilities TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (22)

cisco · sf-220-24_firmware (up to 1.1.4.4)vulnerable

cisco · sf-220-24

cisco · sf220-24p_firmware (up to 1.1.4.4)vulnerable

cisco · sf220-24p

cisco · sf220-48_firmware (up to 1.1.4.4)vulnerable

cisco · sf220-48

cisco · sf220-48p_firmware (up to 1.1.4.4)vulnerable

cisco · sf220-48p

cisco · sg220-26_firmware (up to 1.1.4.4)vulnerable