CVE-2019-1892

CWE-119 Buffer Overflow | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.7% (top 29.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 6
Latest update: May 24

Description

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (58 packages)

CVEListV5 | cisco/cisco_small_business_300_series_managed_switches | unspecified | 1.4.10.6
NVD | cisco/sf200-24_firmware | < 1.4.10.6
NVD | cisco/sf200-48_firmware | < 1.4.10.6
NVD | cisco/sf300-08_firmware | < 1.4.10.6
NVD | cisco/sf300-24_firmware | < 1.4.10.6

🔴 Vulnerability Details (2)

GHSA | GHSA-4r8c-mv24-j28q: A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow | 2022-05-24
CVEList | Cisco Small Business Series Switches Memory Corruption Vulnerability | 2019-07-06

📋 Vendor Advisories (1)

Cisco | Cisco Small Business Series Switches Memory Corruption Vulnerability | 2019-07-03