cbcvebase.
CVE-2019-1892
published 2019-07-06

CVE-2019-1892: A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an…

high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Affected

59 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_small_business_300_series_managed_switches>= unspecified < 1.4.10.61.4.10.6
ciscoesw2-350g52dc_firmware< 1.4.10.61.4.10.6
ciscoesw2-550x48dc_firmware< 1.4.10.61.4.10.6
ciscosf200-24_firmware< 1.4.10.61.4.10.6
ciscosf200-24p_firmware< 1.4.10.61.4.10.6
ciscosf200-48_firmware< 1.4.10.61.4.10.6
ciscosf200-48p_firmware< 1.4.10.61.4.10.6
ciscosf300-08_firmware< 1.4.10.61.4.10.6
ciscosf300-24_firmware< 1.4.10.61.4.10.6
ciscosf300-24mp_firmware< 1.4.10.61.4.10.6
ciscosf300-24p_firmware< 1.4.10.61.4.10.6
ciscosf300-24pp_firmware< 1.4.10.61.4.10.6
ciscosf300-48_firmware< 1.4.10.61.4.10.6
ciscosf300-48p_firmware< 1.4.10.61.4.10.6
ciscosf300-48pp_firmware< 1.4.10.61.4.10.6
ciscosf302-08_firmware< 1.4.10.61.4.10.6
ciscosf302-08mp_firmware< 1.4.10.61.4.10.6
ciscosf302-08mpp_firmware< 1.4.10.61.4.10.6
ciscosf302-08p_firmware< 1.4.10.61.4.10.6
ciscosf302-08pp_firmware< 1.4.10.61.4.10.6
ciscosf500-24_firmware< 1.4.10.61.4.10.6
ciscosf500-24mp_firmware< 1.4.10.61.4.10.6
ciscosf500-24p_firmware< 1.4.10.61.4.10.6
ciscosf500-48_firmware< 1.4.10.61.4.10.6
ciscosf500-48mp_firmware< 1.4.10.61.4.10.6