CVE-2019-1892

CVE Database · CVE-2019-1892

CVE-2019-1892

· N/AModified

CVSS v3.1

N/A

EPSS

1.77%

Published

Jul 5, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Weaknesses (CWE)

CWE-119CWE-119

Affected Products (114)

cisco · sf200-24_firmware (up to 1.4.10.6)vulnerable

cisco · sf200-24

cisco · sf200-24p_firmware (up to 1.4.10.6)vulnerable

cisco · sf200-24p

cisco · sf200-48_firmware (up to 1.4.10.6)vulnerable

cisco · sf200-48

cisco · sf200-48p_firmware (up to 1.4.10.6)vulnerable

cisco · sf200-48p

cisco · sg200-18_firmware (up to 1.4.10.6)vulnerable

cisco · sg200-18

· sg200-26_firmware

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs