CVE-2019-1859

CWE-285CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 60.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
115
Cisco Cisco Small Business 200 Series Smart SwitchesCisco Sf200-24 FirmwareCisco Sf200-24fp Firmware+112 more
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the d

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages115 packages

CVEListV5cisco/cisco_small_business_200_series_smart_switchesunspecified1.4.10.6+1
NVDcisco/sf200-24_firmware< 1.4.10.6
NVDcisco/sf200-48_firmware< 1.4.10.6
NVDcisco/sf250-24_firmware< 2.5.0.78
NVDcisco/sf250-48_firmware< 2.5.0.78

🔴Vulnerability Details

2
GHSA
GHSA-vxf6-wwjr-wqh4: A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-si2022-05-24
CVEList
Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability2019-05-01
CVE-2019-1859 (HIGH CVSS 7.2) | A vulnerability in the Secure Shell | cvebase.io