Published: 23/09/2020 Updated: 06/04/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote malicious user to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the malicious user to access sensitive device information, which includes configuration files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco sg250x-24_firmware
cisco sg250x-24p_firmware
cisco sg250x-48_firmware
cisco sg250x-48p_firmware
cisco sg250-08_firmware
cisco sg250-08hp_firmware
cisco sg250-10p_firmware
cisco sg250-18_firmware
cisco sg250-26_firmware
cisco sg250-26hp_firmware
cisco sg250-26p_firmware
cisco sg250-50_firmware
cisco sg250-50hp_firmware
cisco sg250-50p_firmware
cisco sf250-24_firmware
cisco sf250-24p_firmware
cisco sf250-48_firmware
cisco sf250-48hp_firmware
cisco sg350-10_firmware
cisco sg350-10p_firmware
cisco sg350-10mp_firmware
cisco sg355-10p_firmware
cisco sg350-28_firmware
cisco sg350-28p_firmware
cisco sg350-28mp_firmware
cisco sf350-48_firmware
cisco sf350-48p_firmware
cisco sf350-48mp_firmware
cisco sg350xg-2f10_firmware
cisco sg350xg-24f_firmware
cisco sg350xg-24t_firmware
cisco sg350xg-48t_firmware
cisco sg350x-24_firmware
cisco sg350x-24p_firmware
cisco sg350x-24mp_firmware
cisco sg350x-48_firmware
cisco sg350x-48p_firmware
cisco sg350x-48mp_firmware
cisco sx550x-16ft_firmware
cisco sx550x-24ft_firmware
cisco sx550x-12f_firmware
cisco sx550x-24f_firmware
cisco sx550x-24_firmware
cisco sx550x-52_firmware
cisco sg550x-24_firmware
cisco sg550x-24p_firmware
cisco sg550x-24mp_firmware
cisco sg550x-24mpp_firmware
cisco sg550x-48_firmware
cisco sg550x-48p_firmware
cisco sg550x-48mp_firmware
cisco sf550x-24_firmware
cisco sf550x-24p_firmware
cisco sf550x-24mp_firmware
cisco sf550x-48_firmware
cisco sf550x-48p_firmware
cisco sf550x-48mp_firmware
cisco sg200-50_firmware
cisco sg200-50p_firmware
cisco sg200-50fp_firmware
cisco sg200-26_firmware
cisco sg200-26p_firmware
cisco sg200-26fp_firmware
cisco sg200-18_firmware
cisco sg200-10fp_firmware
cisco sg200-08_firmware
cisco sg200-08p_firmware
cisco sf200-24_firmware
cisco sf200-24p_firmware
cisco sf200-24fp_firmware
cisco sf200-48_firmware
cisco sf200-48p_firmware
cisco sf302-08pp_firmware
cisco sf302-08mpp_firmware
cisco sg300-10pp_firmware
cisco sg300-10mpp_firmware
cisco sf300-24pp_firmware
cisco sf300-48pp_firmware
cisco sg300-28pp_firmware
cisco sf300-08_firmware
cisco sf300-48p_firmware
cisco sg300-10mp_firmware
cisco sg300-10p_firmware
cisco sg300-10_firmware
cisco sg300-28p_firmware
cisco sf300-24p_firmware
cisco sf302-08mp_firmware
cisco sg300-28_firmware
cisco sf300-48_firmware
cisco sg300-20_firmware
cisco sf302-08p_firmware
cisco sg300-52_firmware
cisco sf300-24_firmware
cisco sf302-08_firmware
cisco sf300-24mp_firmware
cisco sg300-10sfp_firmware
cisco sg300-28mp_firmware
cisco sg300-52p_firmware
cisco sg300-52mp_firmware
cisco sg500-28mpp_firmware
cisco sg500-52mp_firmware
cisco sg500xg-8f8t_firmware
cisco sf500-24_firmware
cisco sf500-24p_firmware
cisco sf500-48_firmware
cisco sf500-48p_firmware
cisco sg500-28_firmware
cisco sg500-28p_firmware
cisco sg500-52_firmware
cisco sg500-52p_firmware
cisco sg500x-24_firmware
cisco sg500x-24p_firmware
cisco sg500x-48_firmware
cisco sg500x-48p_firmware

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI An attacker could exploit this vulnerability by sending a malicious HTTP ...

SYNgularity1 - Exploits and PoC Code for CVEs, Vulnerabilities, etc.

exploits SYNgularity1 - Exploits and PoC Code for CVEs, Vulnerabilities, etc Current: CVE-2019-15993 / CVE-2020-5330 - Cisco Sx / SMB, Dell X & VRTX, Netgear (Various) Information Disclosure and Hash Decrypter NO CVE - Solarwinds Serv-U FTP LFI Downloader Vulnerable Software: Solarwinds Serv-U (Windows) < 1532 NO CVE - 0-day - Zyxel - NXxxx Wireless Controlle

CWE-287 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html https://nvd.nist.gov https://github.com/SYNgularity1/exploits https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200129-smlbus-switch-disclos

Get Started

CVE-2019-15993

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect