7.5

CVE-2019-1892

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Data is provided by the National Vulnerability Database (NVD)
CiscoSf200-24 Firmware Version < 1.4.10.6
   CiscoSf200-24 Version-
CiscoSf200-24p Firmware Version < 1.4.10.6
   CiscoSf200-24p Version-
CiscoSf200-48 Firmware Version < 1.4.10.6
   CiscoSf200-48 Version-
CiscoSf200-48p Firmware Version < 1.4.10.6
   CiscoSf200-48p Version-
CiscoSg200-18 Firmware Version < 1.4.10.6
   CiscoSg200-18 Version-
CiscoSg200-26 Firmware Version < 1.4.10.6
   CiscoSg200-26 Version-
CiscoSg200-26p Firmware Version < 1.4.10.6
   CiscoSg200-26p Version-
CiscoSg200-50 Firmware Version < 1.4.10.6
   CiscoSg200-50 Version-
CiscoSg200-50p Firmware Version < 1.4.10.6
   CiscoSg200-50p Version-
CiscoSg300-10 Firmware Version < 1.4.10.6
   CiscoSg300-10 Version-
CiscoSg300-10mp Firmware Version < 1.4.10.6
   CiscoSg300-10mp Version-
CiscoSg300-10mpp Firmware Version < 1.4.10.6
   CiscoSg300-10mpp Version-
CiscoSg300-10sfp Firmware Version < 1.4.10.6
   CiscoSg300-10sfp Version-
CiscoSg300-10p Firmware Version < 1.4.10.6
   CiscoSg300-10p Version-
CiscoSg300-10pp Firmware Version < 1.4.10.6
   CiscoSg300-10pp Version-
CiscoSg300-20 Firmware Version < 1.4.10.6
   CiscoSg300-20 Version-
CiscoSg300-28 Firmware Version < 1.4.10.6
   CiscoSg300-28 Version-
CiscoSg300-28p Firmware Version < 1.4.10.6
   CiscoSg300-28p Version-
CiscoSg300-28pp Firmware Version < 1.4.10.6
   CiscoSg300-28pp Version-
CiscoSg300-28mp Firmware Version < 1.4.10.6
   CiscoSg300-28mp Version-
CiscoSg300-28sfp Firmware Version < 1.4.10.6
   CiscoSg300-28sfp Version-
CiscoSg300-52 Firmware Version < 1.4.10.6
   CiscoSg300-52 Version-
CiscoSg300-52p Firmware Version < 1.4.10.6
   CiscoSg300-52p Version-
CiscoSg300-52mp Firmware Version < 1.4.10.6
   CiscoSg300-52mp Version-
CiscoSf300-08 Firmware Version < 1.4.10.6
   CiscoSf300-08 Version-
CiscoSf302-08 Firmware Version < 1.4.10.6
   CiscoSf302-08 Version-
CiscoSf302-08mp Firmware Version < 1.4.10.6
   CiscoSf302-08mp Version-
CiscoSf302-08p Firmware Version < 1.4.10.6
   CiscoSf302-08p Version-
CiscoSf302-08pp Firmware Version < 1.4.10.6
   CiscoSf302-08pp Version-
CiscoSf302-08mpp Firmware Version < 1.4.10.6
   CiscoSf302-08mpp Version-
CiscoSf300-24 Firmware Version < 1.4.10.6
   CiscoSf300-24 Version-
CiscoSf300-24p Firmware Version < 1.4.10.6
   CiscoSf300-24p Version-
CiscoSf300-24mp Firmware Version < 1.4.10.6
   CiscoSf300-24mp Version-
CiscoSf300-24pp Firmware Version < 1.4.10.6
   CiscoSf300-24pp Version-
CiscoSf300-48 Firmware Version < 1.4.10.6
   CiscoSf300-48 Version-
CiscoSf300-48p Firmware Version < 1.4.10.6
   CiscoSf300-48p Version-
CiscoSf300-48pp Firmware Version < 1.4.10.6
   CiscoSf300-48pp Version-
CiscoSf500-24 Firmware Version < 1.4.10.6
   CiscoSf500-24 Version-
CiscoSf500-24p Firmware Version < 1.4.10.6
   CiscoSf500-24p Version-
CiscoSf500-24mp Firmware Version < 1.4.10.6
   CiscoSf500-24mp Version-
CiscoSf500-48 Firmware Version < 1.4.10.6
   CiscoSf500-48 Version-
CiscoSf500-48p Firmware Version < 1.4.10.6
   CiscoSf500-48p Version-
CiscoSf500-48mp Firmware Version < 1.4.10.6
   CiscoSf500-48mp Version-
CiscoSg500-28 Firmware Version < 1.4.10.6
   CiscoSg500-28 Version-
CiscoSg500-28p Firmware Version < 1.4.10.6
   CiscoSg500-28p Version-
CiscoSg500-28mpp Firmware Version < 1.4.10.6
   CiscoSg500-28mpp Version-
CiscoSg500-52 Firmware Version < 1.4.10.6
   CiscoSg500-52 Version-
CiscoSg500-52p Firmware Version < 1.4.10.6
   CiscoSg500-52p Version-
CiscoSg500-52mp Firmware Version < 1.4.10.6
   CiscoSg500-52mp Version-
CiscoSg500x-24 Firmware Version < 1.4.10.6
   CiscoSg500x-24 Version-
CiscoSg500x24mpp Firmware Version < 1.4.10.6
   CiscoSg500x24mpp Version-
CiscoSg500x-48 Firmware Version < 1.4.10.6
   CiscoSg500x-48 Version-
CiscoSg500x-48p Firmware Version < 1.4.10.6
   CiscoSg500x-48p Version-
CiscoSg500x-48mp Firmware Version < 1.4.10.6
   CiscoSg500x-48mp Version-
CiscoSg500xg8f8t Firmware Version < 1.4.10.6
   CiscoSg500xg8f8t Version-
CiscoEsw2-350g52dc Firmware Version < 1.4.10.6
   CiscoEsw2-350g52dc Version-
CiscoEsw2-550x48dc Firmware Version < 1.4.10.6
   CiscoEsw2-550x48dc Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.67% 0.689
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.