Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15993

CWE-16CWE-287Improper Authentication5 documents5 sources
Severity
5.3MEDIUM
EPSS
12.4%
top 6.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
115
Cisco Sf200-24 FirmwareCisco Sf200-24fp FirmwareCisco Sf200-24p Firmware+112 more
Timeline
PublishedSep 23
Latest updateApr 5

Description

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes conf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages115 packages

NVDcisco/sf200-24_firmware< 1.4.11.4
NVDcisco/sf200-48_firmware< 1.4.11.4
NVDcisco/sf250-24_firmware< 2.5.0.92
NVDcisco/sf250-48_firmware< 2.5.0.92

🔴Vulnerability Details

2
GHSA
GHSA-72qf-gj46-vcj3: A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information2022-05-24
CVEList
Cisco Small Business Switches Information Disclosure Vulnerability2020-09-23

💥Exploits & PoCs

1
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure2023-04-05

📋Vendor Advisories

1
Cisco
Cisco Small Business Switches Information Disclosure Vulnerability2020-01-29
CVE-2019-15993 (MEDIUM CVSS 5.3) | A vulnerability in the web UI of Ci | cvebase.io