CVE-2019-12636

EPSS 0.5%
Veröffentlicht 16.10.2019 19:15:10
Zuletzt bearbeitet 21.11.2024 04:23:14
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Sf250-24 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-24 Version-

Cisco ≫ Sf250-24p Firmware Version < 2.5.0.90

Cisco ≫ Sf250-24p Version-

Cisco ≫ Sf250-48 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-48 Version-

Cisco ≫ Sf250-48hp Firmware Version < 2.5.0.90

Cisco ≫ Sf250-48hp Version-

Cisco ≫ Sf250-08 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-08 Version-

Cisco ≫ Sf250-08hp Firmware Version < 2.5.0.90

Cisco ≫ Sf250-08hp Version-

Cisco ≫ Sf250-10p Firmware Version < 2.5.0.90

Cisco ≫ Sf250-10p Version-

Cisco ≫ Sf250-18 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-18 Version-

Cisco ≫ Sf250-26 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-26 Version-

Cisco ≫ Sf250-26hp Firmware Version < 2.5.0.90

Cisco ≫ Sf250-26hp Version-

Cisco ≫ Sf250-26p Firmware Version < 2.5.0.90

Cisco ≫ Sf250-26p Version-

Cisco ≫ Sf250-50 Firmware Version < 2.5.0.90

Cisco ≫ Sf250-50 Version-

Cisco ≫ Sf250-50hp Firmware Version < 2.5.0.90

Cisco ≫ Sf250-50hp Version-

Cisco ≫ Sf250-50p Firmware Version < 2.5.0.90

Cisco ≫ Sf250-50p Version-

Cisco ≫ Sf250x-24 Firmware Version < 2.5.0.90

Cisco ≫ Sf250x-24 Version-

Cisco ≫ Sf250x-24p Firmware Version < 2.5.0.90

Cisco ≫ Sf250x-24p Version-

Cisco ≫ Sf250x-48 Firmware Version < 2.5.0.90

Cisco ≫ Sf250x-48 Version-

Cisco ≫ Sf250x-48p Firmware Version < 2.5.0.90

Cisco ≫ Sf250x-48p Version-

Cisco ≫ Sg350-10 Firmware Version < 2.5.0.90

Cisco ≫ Sg350-10 Version-

Cisco ≫ Sg350-10p Firmware Version < 2.5.0.90

Cisco ≫ Sg350-10p Version-

Cisco ≫ Sg350-10mp Firmware Version < 2.5.0.90

Cisco ≫ Sg350-10mp Version-

Cisco ≫ Sg355-10p Firmware Version < 2.5.0.90

Cisco ≫ Sg355-10p Version-

Cisco ≫ Sg350-28 Firmware Version < 2.5.0.90

Cisco ≫ Sg350-28 Version-

Cisco ≫ Sg350-28p Firmware Version < 2.5.0.90

Cisco ≫ Sg350-28p Version-

Cisco ≫ Sg350-28mp Firmware Version < 2.5.0.90

Cisco ≫ Sg350-28mp Version-

Cisco ≫ Sf350-48 Firmware Version < 2.5.0.90

Cisco ≫ Sf350-48 Version-

Cisco ≫ Sf350-48p Firmware Version < 2.5.0.90

Cisco ≫ Sf350-48p Version-

Cisco ≫ Sf350-48mp Firmware Version < 2.5.0.90

Cisco ≫ Sf350-48mp Version-

Cisco ≫ Sx550x-16ft Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-16ft Version-

Cisco ≫ Sx550x-24ft Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-24ft Version-

Cisco ≫ Sx550x-12f Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-12f Version-

Cisco ≫ Sx550x-24f Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-24f Version-

Cisco ≫ Sx550x-24 Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-24 Version-

Cisco ≫ Sx550x-52 Firmware Version < 2.5.0.90

Cisco ≫ Sx550x-52 Version-

Cisco ≫ Sg550x-24 Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-24 Version-

Cisco ≫ Sg550x-24p Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-24p Version-

Cisco ≫ Sg550x-24mp Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-24mp Version-

Cisco ≫ Sg550x-24mpp Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-24mpp Version-

Cisco ≫ Sg550x-48 Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-48 Version-

Cisco ≫ Sg550x-48p Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-48p Version-

Cisco ≫ Sg550x-48mp Firmware Version < 2.5.0.90

Cisco ≫ Sg550x-48mp Version-

Cisco ≫ Sf550x-24 Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-24 Version-

Cisco ≫ Sf550x-24p Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-24p Version-

Cisco ≫ Sf550x-24mp Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-24mp Version-

Cisco ≫ Sf550x-48 Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-48 Version-

Cisco ≫ Sf550x-48p Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-48p Version-

Cisco ≫ Sf550x-48mp Firmware Version < 2.5.0.90

Cisco ≫ Sf550x-48mp Version-

Cisco ≫ Sf200-24 Firmware Version < 1.4.11

Cisco ≫ Sf200-24 Version-

Cisco ≫ Sf200-24fp Firmware Version < 1.4.11

Cisco ≫ Sf200-24fp Version-

Cisco ≫ Sf200-24p Firmware Version < 1.4.11.02

Cisco ≫ Sf200-24p Version-

Cisco ≫ Sf200-48 Firmware Version < 1.4.11.02

Cisco ≫ Sf200-48 Version-

Cisco ≫ Sf200-48p Firmware Version < 1.4.11.02

Cisco ≫ Sf200-48p Version-

Cisco ≫ Sf200e-24 Firmware Version < 1.4.11.02

Cisco ≫ Sf200e-24 Version-

Cisco ≫ Sf200e-24p Firmware Version < 1.4.11.02

Cisco ≫ Sf200e-24p Version-

Cisco ≫ Sf200e-48 Firmware Version < 1.4.11.02

Cisco ≫ Sf200e-48 Version-

Cisco ≫ Sf200e48p Firmware Version < 1.4.11.02

Cisco ≫ Sf200e48p Version-

Cisco ≫ Sg200-08 Firmware Version < 1.4.11.02

Cisco ≫ Sg200-08 Version-

Cisco ≫ Sg200-08p Firmware Version < 1.4.11.02

Cisco ≫ Sg200-08p Version-

Cisco ≫ Sg200-10fp Firmware Version < 1.4.11.02

Cisco ≫ Sg200-10fp Version-

Cisco ≫ Sg200-18 Firmware Version < 1.4.11.02

Cisco ≫ Sg200-18 Version-

Cisco ≫ Sg200-26 Firmware Version < 1.4.11.02

Cisco ≫ Sg200-26 Version-

Cisco ≫ Sg200-26fp Firmware Version < 1.4.11.02

Cisco ≫ Sg200-26fp Version-

Cisco ≫ Sg200-26p Firmware Version < 1.4.11.02

Cisco ≫ Sg200-26p Version-

Cisco ≫ Sg200-50 Firmware Version < 1.4.11.02

Cisco ≫ Sg200-50 Version-

Cisco ≫ Sg200-50fp Firmware Version < 1.4.11.02

Cisco ≫ Sg200-50fp Version-

Cisco ≫ Sg200-50p Firmware Version < 1.4.11.02

Cisco ≫ Sg200-50p Version-

Cisco ≫ Sf302-08pp Firmware Version < 1.4.11.02

Cisco ≫ Sf302-08pp Version-

Cisco ≫ Sf302-08mpp Firmware Version < 1.4.11.02

Cisco ≫ Sf302-08mpp Version-

Cisco ≫ Sg300-10pp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10pp Version-

Cisco ≫ Sg300-10mpp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10mpp Version-

Cisco ≫ Sf300-24pp Firmware Version < 1.4.11.02

Cisco ≫ Sf300-24pp Version-

Cisco ≫ Sf300-48pp Firmware Version < 1.4.11.02

Cisco ≫ Sf300-48pp Version-

Cisco ≫ Sg300-28pp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-28pp Version-

Cisco ≫ Sf300-08 Firmware Version < 1.4.11.02

Cisco ≫ Sf300-08 Version-

Cisco ≫ Sf300-48p Firmware Version < 1.4.11.02

Cisco ≫ Sf300-48p Version-

Cisco ≫ Sg300-10mp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10mp Version-

Cisco ≫ Sg300-10p Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10p Version-

Cisco ≫ Sg300-10 Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10 Version-

Cisco ≫ Sg300-28p Firmware Version < 1.4.11.02

Cisco ≫ Sg300-28p Version-

Cisco ≫ Sf300-24p Firmware Version < 1.4.11.02

Cisco ≫ Sf300-24p Version-

Cisco ≫ Sf302-08mp Firmware Version < 1.4.11.02

Cisco ≫ Sf302-08mp Version-

Cisco ≫ Sg300-28 Firmware Version < 1.4.11.02

Cisco ≫ Sg300-28 Version-

Cisco ≫ Sf300-48 Firmware Version < 1.4.11.02

Cisco ≫ Sf300-48 Version-

Cisco ≫ Sg300-20 Firmware Version < 1.4.11.02

Cisco ≫ Sg300-20 Version-

Cisco ≫ Sf302-08p Firmware Version < 1.4.11.02

Cisco ≫ Sf302-08p Version-

Cisco ≫ Sg300-52 Firmware Version < 1.4.11.02

Cisco ≫ Sg300-52 Version-

Cisco ≫ Sf300-24 Firmware Version < 1.4.11.02

Cisco ≫ Sf300-24 Version-

Cisco ≫ Sf302-08 Firmware Version < 1.4.11.02

Cisco ≫ Sf302-08 Version-

Cisco ≫ Sf300-24mp Firmware Version < 1.4.11.02

Cisco ≫ Sf300-24mp Version-

Cisco ≫ Sg300-10sfp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-10sfp Version-

Cisco ≫ Sg300-28mp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-28mp Version-

Cisco ≫ Sg300-52p Firmware Version < 1.4.11.02

Cisco ≫ Sg300-52p Version-

Cisco ≫ Sg300-52mp Firmware Version < 1.4.11.02

Cisco ≫ Sg300-52mp Version-

Cisco ≫ Sg500-28mpp Firmware Version < 1.4.11.02

Cisco ≫ Sg500-28mpp Version-

Cisco ≫ Sg500-52mp Firmware Version < 1.4.11.02

Cisco ≫ Sg500-52mp Version-

Cisco ≫ Sg500xg-8f8t Firmware Version < 1.4.11.02

Cisco ≫ Sg500xg-8f8t Version-

Cisco ≫ Sf500-24 Firmware Version < 1.4.11.02

Cisco ≫ Sf500-24 Version-

Cisco ≫ Sf500-24p Firmware Version < 1.4.11.02

Cisco ≫ Sf500-24p Version-

Cisco ≫ Sf500-48 Firmware Version < 1.4.11.02

Cisco ≫ Sf500-48 Version-

Cisco ≫ Sf500-48p Firmware Version < 1.4.11.02

Cisco ≫ Sf500-48p Version-

Cisco ≫ Sg500-28 Firmware Version < 1.4.11.02

Cisco ≫ Sg500-28 Version-

Cisco ≫ Sg500-28p Firmware Version < 1.4.11.02

Cisco ≫ Sg500-28p Version-

Cisco ≫ Sg500-52 Firmware Version < 1.4.11.02

Cisco ≫ Sg500-52 Version-

Cisco ≫ Sg500-52p Firmware Version < 1.4.11.02

Cisco ≫ Sg500-52p Version-

Cisco ≫ Sg500x-24 Firmware Version < 1.4.11.02

Cisco ≫ Sg500x-24 Version-

Cisco ≫ Sg500x-24p Firmware Version < 1.4.11.02

Cisco ≫ Sg500x-24p Version-

Cisco ≫ Sg500x-48 Firmware Version < 1.4.11.02

Cisco ≫ Sg500x-48 Version-

Cisco ≫ Sg500x-48p Firmware Version < 1.4.11.02

Cisco ≫ Sg500x-48p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.631

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@cisco.com	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12636

EUVD