Search criteria
16 vulnerabilities found for sf302-08mp by cisco
VAR-201709-1073
Vulnerability from variot - Updated: 2025-04-20 23:42A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. plural Cisco The product contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvb48377 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusiness300SeriesManagedSwitches, etc. are all Cisco (Cisco) switch devices. SecureShell (SSH) subsystem is one of the data encryption transmission subsystems. A denial of service vulnerability exists in the SSH subsystem of several Cisco products due to a program failing to properly handle SSH connections
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "esw2-350g-52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "esw2-350g-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350xg-48t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "esw2-550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350xg-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "esw2-550x-48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350xg-24t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg350x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "sg350xg-2f10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.0.130"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3500"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "350x0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "550x0"
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3000"
},
{
"model": "small business series stackable managed switch",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "5000"
},
{
"model": "350 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "550x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series expansion switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 550x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switch",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.8.06"
},
{
"model": "small business series managed switch",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.8.06"
},
{
"model": "esw2 series advanced switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4.8.06"
},
{
"model": "series stackable managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "550x2.3.0.130"
},
{
"model": "series stackable managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "350x2.3.0.130"
},
{
"model": "series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3502.3.0.130"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "BID",
"id": "100933"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_350_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_350x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_550x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:esw2_series_advanced_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_500_series_stackable_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alessandro Celestra of TLogos.",
"sources": [
{
"db": "BID",
"id": "100933"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6720",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6720",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-34211",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-114923",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6720",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-6720",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6720",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6720",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-34211",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1028",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114923",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "VULHUB",
"id": "VHN-114923"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. plural Cisco The product contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvb48377 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusiness300SeriesManagedSwitches, etc. are all Cisco (Cisco) switch devices. SecureShell (SSH) subsystem is one of the data encryption transmission subsystems. A denial of service vulnerability exists in the SSH subsystem of several Cisco products due to a program failing to properly handle SSH connections",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "BID",
"id": "100933"
},
{
"db": "VULHUB",
"id": "VHN-114923"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6720",
"trust": 3.4
},
{
"db": "BID",
"id": "100933",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-34211",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114923",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "VULHUB",
"id": "VHN-114923"
},
{
"db": "BID",
"id": "100933"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"id": "VAR-201709-1073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "VULHUB",
"id": "VHN-114923"
}
],
"trust": 1.03338293
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
}
]
},
"last_update_date": "2025-04-20T23:42:06.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170920-sbms",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms"
},
{
"title": "Patch for CiscoSmallBusinessManagedSwitches Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/104610"
},
{
"title": "Multiple Cisco product SSH Subsystem security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114923"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-sbms"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/100933"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6720"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6720"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "VULHUB",
"id": "VHN-114923"
},
{
"db": "BID",
"id": "100933"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"db": "VULHUB",
"id": "VHN-114923"
},
{
"db": "BID",
"id": "100933"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-114923"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100933"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"date": "2017-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"date": "2017-09-21T05:29:01.043000",
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-34211"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-114923"
},
{
"date": "2017-09-20T00:00:00",
"db": "BID",
"id": "100933"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008421"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1028"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008421"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1028"
}
],
"trust": 0.6
}
}
VAR-202001-1199
Vulnerability from variot - Updated: 2024-11-23 23:11A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-24fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-10fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-50fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-26fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "cisco sg200-08p",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-08",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-10fp",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-18",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-26fp",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-26p",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-26",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-50fp",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-50p",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sg200-50",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business switches",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "1.3.7.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"cve": "CVE-2020-3147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3147",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-04819",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3147",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3147",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-3147",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3147",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3147",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-3147",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-04819",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNVD",
"id": "CNVD-2020-04819"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3147",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-04819",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"id": "VAR-202001-1199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
}
]
},
"last_update_date": "2024-11-23T23:11:35.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-smlbus-switch-dos-R6VquS2u",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smlbus-switch-dos-R6VquS2u"
},
{
"title": "Patch for Cisco Small Business Switches web UI denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/200969"
},
{
"title": "Cisco Small Business Switches Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109804"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3147"
},
{
"trust": 1.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smlbus-switch-dos-r6vqus2u"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"date": "2020-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"date": "2020-01-30T19:15:11.790000",
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04819"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001525"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1345"
},
{
"date": "2024-11-21T05:30:25.373000",
"db": "NVD",
"id": "CVE-2020-3147"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Switch\u00a0 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001525"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1345"
}
],
"trust": 0.6
}
}
VAR-201907-0394
Vulnerability from variot - Updated: 2024-11-23 23:01A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. CiscoSmallBusiness200SeriesManagedSwitches, etc. are products of Cisco. CiscoSmallBusiness200SeriesManagedSwitches is a 200 Series Managed Switch. Security vulnerabilities exist in CiscoSmallBusiness200, 300, and 500Switches. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvp23218.
Can change to different domain under the host header and redirect the request to fake website and can be used for phishing attack also can be used for domain fronting.
Normal Request
GET / HTTP/1.1 Host: 10.1.1.120 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en-US,en-GB;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 Connection: close Cache-Control: max-age=0
Normal Response
HTTP/1.1 302 Redirect Server: GoAhead-Webs Date: Fri Mar 07 09:40:22 2014 Connection: close Pragma: no-cache Cache-Control: no-cache Content-Type: text/html Location: https://10.21.151.120/cs703dae2c/
This document has moved to a new location. Please update your documents to reflect the new location.POC
Host Header changed to different domain (example google.com).
Request:
GET /cs703dae2c HTTP/1.1 Host: google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Cookie: activeLangId=English; isStackableDevice=false Upgrade-Insecure-Requests: 1
Response:
HTTP/1.1 302 Redirect activeLangId=English; isStackableDevice=falseServer: GoAhead-Webs Date: Fri Mar 07 09:45:26 2014 Connection: close Pragma: no-cache Cache-Control: no-cache Content-Type: text/html Location: http://google.com/cs703dae2c/config/log_off_page.htm
This document has moved to a new location. Please update your documents to reflect the new location.The redirection is happening to http://google.com/cs703dae2c/config/log_off_page.htm. The attacker need to be in same network and should be able to modify the victims request on the wire in order to trigger this vulnerabilty.
Attack Vector:
Can be used for domain fronting.
curl -k --header "Host: attack.host.net" "domainname of the cisco device"
Vendor Response:
Issue 1: Due to the limited information given out, we are not considering it a vulnerability as such. Still, it would be better if it was not happening, so, we will treat it as a hardening enhancement.
Issue 2: The developers won't be able to provide a fix for this in the short term (90 days), so, we are planning to disclose this issue through an advisory on July 17th 2019.
We have assigned CVE CVE-2019-1943 for this issue.
Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg200-50p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-18",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-10fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-10mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-28mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf200-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500xg-8f8t",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10sfp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-24pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-48pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg500-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-28pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf300-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg200-26p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf302-08pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sg300-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf500-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-20",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf200-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.7.18"
},
{
"model": "sf200-24fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-10fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-18",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "200"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "small business series smart switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "BID",
"id": "109288"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:sg200-08_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-08p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-10fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ramikan,Ramikan of CT Pentest .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-1943",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2019-23151",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-151875",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-1943",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2019-1943",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1943",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1943",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1943",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-23151",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-779",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151875",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user\u0027s HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. CiscoSmallBusiness200SeriesManagedSwitches, etc. are products of Cisco. CiscoSmallBusiness200SeriesManagedSwitches is a 200 Series Managed Switch. Security vulnerabilities exist in CiscoSmallBusiness200, 300, and 500Switches. \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nThis issue is being tracked by Cisco Bug ID CSCvp23218. \n\n*************************************************************************************************************************************\n\nCan change to different domain under the host header and redirect the request to fake website and can be used for phishing attack also can be used for domain fronting. \n\nNormal Request\n\nGET / HTTP/1.1\nHost: 10.1.1.120\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: en-US,en-GB;q=0.9,en;q=0.8\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36\nConnection: close\nCache-Control: max-age=0\n\nNormal Response\n\nHTTP/1.1 302 Redirect\nServer: GoAhead-Webs\nDate: Fri Mar 07 09:40:22 2014\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nContent-Type: text/html\nLocation: https://10.21.151.120/cs703dae2c/\n\n\u003chtml\u003e\u003chead\u003e\u003c/head\u003e\u003cbody\u003e\n This document has moved to a new \u003ca href=\"https://10.1.1.120/cs703dae2c/\"\u003elocation\u003c/a\u003e. \n Please update your documents to reflect the new location. \n \u003c/body\u003e\u003c/html\u003e\n*************************************************************************************************************************************\nPOC \n*************************************************************************************************************************************\n\nHost Header changed to different domain (example google.com). \n\nRequest:\n\nGET /cs703dae2c HTTP/1.1\nHost: google.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-GB,en;q=0.5\nAccept-Encoding: gzip, deflate\nConnection: close\nCookie: activeLangId=English; isStackableDevice=false\nUpgrade-Insecure-Requests: 1\n\n\nResponse:\n\nHTTP/1.1 302 Redirect\nactiveLangId=English; isStackableDevice=falseServer: GoAhead-Webs\nDate: Fri Mar 07 09:45:26 2014\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nContent-Type: text/html\nLocation: http://google.com/cs703dae2c/config/log_off_page.htm\n\n\u003chtml\u003e\u003chead\u003e\u003c/head\u003e\u003cbody\u003e\n This document has moved to a new \u003ca href=\"http://google.com/cs703dae2c/config/log_off_page.htm\"\u003elocation\u003c/a\u003e. \n Please update your documents to reflect the new location. \n \u003c/body\u003e\u003c/html\u003e\n\n\nThe redirection is happening to http://google.com/cs703dae2c/config/log_off_page.htm. The attacker need to be in same network and should be able to modify the victims request on the wire in order to trigger this vulnerabilty. \n\n*************************************************************************************************************************************\nAttack Vector:\n*************************************************************************************************************************************\nCan be used for domain fronting. \n\ncurl -k --header \"Host: attack.host.net\" \"domainname of the cisco device\"\n\n\n*************************************************************************************************************************************\nVendor Response:\n*************************************************************************************************************************************\n\nIssue 1:\nDue to the limited information given out, we are not considering it a vulnerability as such. Still, it would be better if it was not happening, so, we will treat it as a hardening enhancement. \n\nIssue 2:\nThe developers won\u0027t be able to provide a fix for this in the short term (90 days), so, we are planning to disclose this issue through an advisory on July 17th 2019. \n\nWe have assigned CVE CVE-2019-1943 for this issue. \n\nReference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect\n*************************************************************************************************************************************\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1943"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "BID",
"id": "109288"
},
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "PACKETSTORM",
"id": "153629"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1943",
"trust": 3.5
},
{
"db": "BID",
"id": "109288",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "153629",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-779",
"trust": 0.7
},
{
"db": "CXSECURITY",
"id": "WLB-2019070068",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-23151",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43839",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47118",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2681",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151875",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "BID",
"id": "109288"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "PACKETSTORM",
"id": "153629"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"id": "VAR-201907-0394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "VULHUB",
"id": "VHN-151875"
}
],
"trust": 1.1270171866666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
}
]
},
"last_update_date": "2024-11-23T23:01:48.354000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190717-sbss-redirect",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190717-sbss-redirect"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/109288"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1943"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1943"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019070068http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43839"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153629/cisco-small-business-switch-information-leakage-open-redirect.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47118"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2681/"
},
{
"trust": 0.1,
"url": "http://google.com/cs703dae2c/config/log_off_page.htm\"\u003elocation\u003c/a\u003e."
},
{
"trust": 0.1,
"url": "http://google.com/cs703dae2c/config/log_off_page.htm"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/products/switches/small-business-300-series-managed-switches/index.html"
},
{
"trust": 0.1,
"url": "https://10.1.1.120/cs703dae2c/\"\u003elocation\u003c/a\u003e."
},
{
"trust": 0.1,
"url": "http://fact-in-hack.blogspot.com"
},
{
"trust": 0.1,
"url": "http://google.com/cs703dae2c/config/log_off_page.htm."
},
{
"trust": 0.1,
"url": "https://10.21.151.120/cs703dae2c/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "BID",
"id": "109288"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "PACKETSTORM",
"id": "153629"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"db": "VULHUB",
"id": "VHN-151875"
},
{
"db": "BID",
"id": "109288"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"db": "PACKETSTORM",
"id": "153629"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"date": "2019-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-151875"
},
{
"date": "2019-07-17T00:00:00",
"db": "BID",
"id": "109288"
},
{
"date": "2019-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"date": "2019-07-15T02:22:22",
"db": "PACKETSTORM",
"id": "153629"
},
{
"date": "2019-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"date": "2019-07-17T21:15:12.453000",
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-23151"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-151875"
},
{
"date": "2019-07-17T00:00:00",
"db": "BID",
"id": "109288"
},
{
"date": "2019-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007074"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-779"
},
{
"date": "2024-11-21T04:37:44.213000",
"db": "NVD",
"id": "CVE-2019-1943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business Series redirect software open redirect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007074"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-779"
}
],
"trust": 0.6
}
}
VAR-201810-0338
Vulnerability from variot - Updated: 2024-11-23 22:58A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information. CiscoSmallBusiness300SeriesManagedSwitches is a switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue being tracked by Cisco Bug ID CSCvj58239
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sf300-24mp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-28p",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-28mp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf302-08",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-52",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-52p",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf302-08p",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10sfp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-24p",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-52mp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-24pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-48pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-28pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf300-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf302-08mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf302-08mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-20",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sf302-08pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "sg300-10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.4"
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "BID",
"id": "105695"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Okan Coskun of Biznet Bilisim",
"sources": [
{
"db": "BID",
"id": "105695"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0465",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0465",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20682",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118667",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0465",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0465",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0465",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-20682",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-178",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118667",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "VULHUB",
"id": "VHN-118667"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information. CiscoSmallBusiness300SeriesManagedSwitches is a switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThis issue being tracked by Cisco Bug ID CSCvj58239",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0465"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "BID",
"id": "105695"
},
{
"db": "VULHUB",
"id": "VHN-118667"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0465",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20682",
"trust": 0.6
},
{
"db": "BID",
"id": "105695",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-118667",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "VULHUB",
"id": "VHN-118667"
},
{
"db": "BID",
"id": "105695"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"id": "VAR-201810-0338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "VULHUB",
"id": "VHN-118667"
}
],
"trust": 1.05079366
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
}
]
},
"last_update_date": "2024-11-23T22:58:50.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20181003-300-switch-xss",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss"
},
{
"title": "Patch for CiscoSmallBusiness300SeriesManagedSwitches Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/141841"
},
{
"title": "Cisco Small Business 300 Series Managed Switches Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118667"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-300-switch-xss"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0465"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0465"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "VULHUB",
"id": "VHN-118667"
},
{
"db": "BID",
"id": "105695"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "VULHUB",
"id": "VHN-118667"
},
{
"db": "BID",
"id": "105695"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118667"
},
{
"date": "2018-10-03T00:00:00",
"db": "BID",
"id": "105695"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"date": "2018-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"date": "2018-10-05T14:29:04.357000",
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118667"
},
{
"date": "2018-10-03T00:00:00",
"db": "BID",
"id": "105695"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011163"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-178"
},
{
"date": "2024-11-21T03:38:17.337000",
"db": "NVD",
"id": "CVE-2018-0465"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series Managed Switches Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20682"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-178"
}
],
"trust": 0.6
}
}
VAR-201905-0512
Vulnerability from variot - Updated: 2024-11-23 22:58A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. Cisco Small Business 300 Series (Sx300) Managed Switch Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusiness300SeriesManagedSwitches is a switch device from Cisco. This issue is being tracked by Cisco Bug ID CSCvn17215. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0512",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3001.4.9.0"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3001.4.0.88"
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sx300 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "BID",
"id": "108344"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel O\u0027Connor from Genesis Software,Daniel O\u2019Connor from Genesis Software",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1814",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2019-14707",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-150456",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1814",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2019-1814",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1814",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1814",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1814",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1814",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-14707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-691",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-150456",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "VULHUB",
"id": "VHN-150456"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected reload of the device and result in a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to free system memory when an unexpected DHCP request is received. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the targeted device. A successful exploit could allow the attacker to cause an unexpected reload of the device. Cisco Small Business 300 Series (Sx300) Managed Switch Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusiness300SeriesManagedSwitches is a switch device from Cisco. \nThis issue is being tracked by Cisco Bug ID CSCvn17215. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1814"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "BID",
"id": "108344"
},
{
"db": "VULHUB",
"id": "VHN-150456"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1814",
"trust": 3.4
},
{
"db": "BID",
"id": "108344",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14707",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1752",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-150456",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "VULHUB",
"id": "VHN-150456"
},
{
"db": "BID",
"id": "108344"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"id": "VAR-201905-0512",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "VULHUB",
"id": "VHN-150456"
}
],
"trust": 1.05079366
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
}
]
},
"last_update_date": "2024-11-23T22:58:40.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190515-sb300sms-dhcp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb300sms-dhcp"
},
{
"title": "Patch for CiscoSmallBusiness300SeriesManagedSwitches Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/161607"
},
{
"title": "Cisco Small Business 300 Series Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92815"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
},
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "CWE-401",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150456"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108344"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb300sms-dhcp"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1814"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1814"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-1814"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb-snmpdos"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81090"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "VULHUB",
"id": "VHN-150456"
},
{
"db": "BID",
"id": "108344"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"db": "VULHUB",
"id": "VHN-150456"
},
{
"db": "BID",
"id": "108344"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"date": "2019-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-150456"
},
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108344"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"date": "2019-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"date": "2019-05-16T00:29:00.260000",
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14707"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-150456"
},
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108344"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004727"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-691"
},
{
"date": "2024-11-21T04:37:26.363000",
"db": "NVD",
"id": "CVE-2019-1814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series Managed Switch Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004727"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-691"
}
],
"trust": 0.6
}
}
VAR-201905-0529
Vulnerability from variot - Updated: 2024-11-23 22:58A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. plural Cisco The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusinessSwitch is the core series switch of cisco. The vulnerability stems from a network system or product that does not properly validate the input data. This issue is being tracked by Cisco Bug IDs CSCvn49346, CSCvn93730
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esw2-350g52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-50hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf250-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "esw2-550x48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-26hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500xg8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-08hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "small business esw2 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx200 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx250 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx350 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx500 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx550 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx200 series managed switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx300 series managed switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx500 series managed switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business esw2 series managed switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx250 series switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx350 series switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business sx550 series switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "sx550 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sx500 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sx350 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sx300 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sx250 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sx200 switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5002.4.0.94"
},
{
"model": "esw2 series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "BID",
"id": "108335"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:esw2_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx200_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx250_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx300_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx350_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx500_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sx550_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Patrick S. Stuckenberger of August Manser AG",
"sources": [
{
"db": "BID",
"id": "108335"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-1806",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-14709",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2019-1806",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2019-1806",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1806",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1806",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1806",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1806",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-14709",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-675",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an affected device to cease processing traffic, resulting in the CPU utilization reaching one hundred percent. Manual intervention may be required before a device resumes normal operations. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a malicious SNMP packet to an affected device. A successful exploit could allow the attacker to cause the device to cease forwarding traffic, which could result in a denial of service (DoS) condition. Cisco has released firmware updates that address this vulnerability. plural Cisco The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusinessSwitch is the core series switch of cisco. The vulnerability stems from a network system or product that does not properly validate the input data. \nThis issue is being tracked by Cisco Bug IDs CSCvn49346, CSCvn93730",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1806"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "BID",
"id": "108335"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1806",
"trust": 3.3
},
{
"db": "BID",
"id": "108335",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-14709",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1752",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "BID",
"id": "108335"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"id": "VAR-201905-0529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
}
],
"trust": 1.2853298625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
}
]
},
"last_update_date": "2024-11-23T22:58:40.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190515-sb-snmpdos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos"
},
{
"title": "Patches for multiple Cisco product input verification error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/161529"
},
{
"title": "Multiple Cisco Product input verification error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92799"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108335"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-sb-snmpdos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1806"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1806"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-1806"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81090"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "BID",
"id": "108335"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"db": "BID",
"id": "108335"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108335"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"date": "2019-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"date": "2019-05-15T22:29:00.247000",
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14709"
},
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108335"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004726"
},
{
"date": "2019-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-675"
},
{
"date": "2024-11-21T04:37:25.137000",
"db": "NVD",
"id": "CVE-2019-1806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004726"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-675"
}
],
"trust": 0.6
}
}
VAR-201811-0177
Vulnerability from variot - Updated: 2024-11-23 22:48A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. CiscoSmallBusiness200SeriesSmartSwitches are small smart switch devices from Cisco. SmallBusinessSwitchesSoftware is a set of switch software that runs on it. This issue is being tracked by Cisco bugs CSCvk20713 and CSCvm11846
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0177",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg250-50hp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350xg-2f10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10sfp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf350-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-24mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-18",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-10fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-28mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350xg-24t",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-20",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-18",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500xg-8f8t",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf250-48hp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg355-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf350-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-26",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf250-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-24ft",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-28mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf250-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350xg-48t",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-08hp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-48pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-12f",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08pp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-10mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-50",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-16ft",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg550x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350x-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350xg-24f",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf250-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf300-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-26hp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sx550x-24f",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf350-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf550x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf302-08",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-50p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg350-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24fp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg250-26p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3500"
},
{
"model": "small business switches",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "550x"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "350x"
},
{
"model": "series smart switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "250"
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
},
{
"model": "small business series smart switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "200"
},
{
"model": "small business switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "small business series smart switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2000"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "350x0"
},
{
"model": "series smart switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "BID",
"id": "105873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:small_business_switches",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
}
],
"trust": 0.6
},
"cve": "CVE-2018-15439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-15439",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-00343",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-125698",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15439",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15439",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15439",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15439",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2018-15439",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-15439",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-00343",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-180",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125698",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15439",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. CiscoSmallBusiness200SeriesSmartSwitches are small smart switch devices from Cisco. SmallBusinessSwitchesSoftware is a set of switch software that runs on it. \nThis issue is being tracked by Cisco bugs CSCvk20713 and CSCvm11846",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "BID",
"id": "105873"
},
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15439",
"trust": 3.5
},
{
"db": "BID",
"id": "105873",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-00343",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-125698",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15439",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"db": "BID",
"id": "105873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"id": "VAR-201811-0177",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULHUB",
"id": "VHN-125698"
}
],
"trust": 1.2202628899999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
}
]
},
"last_update_date": "2024-11-23T22:48:32.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20181107-sbsw-privacc",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc"
},
{
"title": "CiscoSmallBusinessSwitches authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/149219"
},
{
"title": "Cisco Small Business Switches Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86652"
},
{
"title": "Cisco: Cisco Small Business Switches Privileged Access Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20181107-sbsw-privacc"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-unpatched-cisco-flaw/141010/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-accidentally-released-dirty-cow-exploit-code-in-software/138888/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-sbsw-privacc"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/105873"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15439"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15439"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/critical-unpatched-cisco-flaw/141010/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"db": "BID",
"id": "105873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"db": "VULHUB",
"id": "VHN-125698"
},
{
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"db": "BID",
"id": "105873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"date": "2018-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-125698"
},
{
"date": "2018-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"date": "2018-11-07T00:00:00",
"db": "BID",
"id": "105873"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"date": "2018-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"date": "2018-11-08T17:29:00.607000",
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00343"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-125698"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15439"
},
{
"date": "2018-11-07T00:00:00",
"db": "BID",
"id": "105873"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011646"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-180"
},
{
"date": "2024-11-21T03:50:48.200000",
"db": "NVD",
"id": "CVE-2018-15439"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business Switches Vulnerability in the use of hard-coded credentials in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011646"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-180"
}
],
"trust": 0.6
}
}
VAR-201907-0237
Vulnerability from variot - Updated: 2024-11-23 22:48A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This issue is being tracked by Cisco Bug IDs CSCvp43403, and CSCvp43417
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0237",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esw2-350g52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "esw2-550x48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500xg8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-18",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.9.0"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.7"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.9.0"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.0.88"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.8.06"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.2.7.76"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.10.6"
}
],
"sources": [
{
"db": "BID",
"id": "109039"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:sf200-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-24p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-48p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg300-10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "109039"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1891",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1891",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1891",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1891",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1891",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1891",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-235",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. \nThis issue is being tracked by Cisco Bug IDs CSCvp43403, and CSCvp43417",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1891"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "BID",
"id": "109039"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1891",
"trust": 2.7
},
{
"db": "BID",
"id": "109039",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2440",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "109039"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"id": "VAR-201907-0237",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33338292999999997
},
"last_update_date": "2024-11-23T22:48:22.054000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190703-sbss-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos"
},
{
"title": "Cisco\u00a0Small Business 200 , 300 and 500 Series Managed Switches Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94424"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1891"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1891"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-memcorrupt"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/109039"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2440/"
}
],
"sources": [
{
"db": "BID",
"id": "109039"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "109039"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-03T00:00:00",
"db": "BID",
"id": "109039"
},
{
"date": "2019-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"date": "2019-07-06T02:15:11.183000",
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-03T00:00:00",
"db": "BID",
"id": "109039"
},
{
"date": "2019-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006440"
},
{
"date": "2019-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-235"
},
{
"date": "2024-11-21T04:37:37.573000",
"db": "NVD",
"id": "CVE-2019-1891"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business Series Managed Switch Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-235"
}
],
"trust": 0.6
}
}
VAR-201907-0231
Vulnerability from variot - Updated: 2024-11-23 22:48A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. Cisco Small Business 200 , 300 , 500 Series Managed Switch Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. are all products of Cisco. This issue is being tracked by Cisco Bug ID CSCvp43390
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0231",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esw2-350g52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "esw2-550x48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500xg8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-24p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sf200-48p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-18",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg300-10",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "200\u003c1.4.10.6"
},
{
"model": "small business series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300\u003c1.4.10.6"
},
{
"model": "small business series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500\u003c1.4.10.6"
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.9.0"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.7"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.9.0"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.0.88"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.8.06"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.2.7.76"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.9.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.10.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "BID",
"id": "109042"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:sf200-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-24p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sf200-48p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg300-10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "109042"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1892",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1892",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-22321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1892",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1892",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1892",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1892",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22321",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-236",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. Cisco Small Business 200 , 300 , 500 Series Managed Switch Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. are all products of Cisco. \nThis issue is being tracked by Cisco Bug ID CSCvp43390",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1892"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "BID",
"id": "109042"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1892",
"trust": 3.3
},
{
"db": "BID",
"id": "109042",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22321",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2440",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "BID",
"id": "109042"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"id": "VAR-201907-0231",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
}
],
"trust": 1.0514219533333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
}
]
},
"last_update_date": "2024-11-23T22:48:22.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190703-sbss-memcorrupt",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt"
},
{
"title": "Patch for Cisco Small Business 200, 300, and 500 Series Managed Switches buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/213517"
},
{
"title": "Cisco\u00a0Small Business 200 , 300 and 500 Series Managed Switches Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94425"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1892"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-memcorrupt"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1892"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-dos"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/109042"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2440/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "BID",
"id": "109042"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"db": "BID",
"id": "109042"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"date": "2019-07-03T00:00:00",
"db": "BID",
"id": "109042"
},
{
"date": "2019-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"date": "2019-07-06T02:15:11.293000",
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22321"
},
{
"date": "2019-07-03T00:00:00",
"db": "BID",
"id": "109042"
},
{
"date": "2019-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006441"
},
{
"date": "2019-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-236"
},
{
"date": "2024-11-21T04:37:37.757000",
"db": "NVD",
"id": "CVE-2019-1892"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business Series Managed Switch Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006441"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-236"
}
],
"trust": 0.6
}
}
VAR-201801-0345
Vulnerability from variot - Updated: 2024-11-23 22:42A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980. Vendors have confirmed this vulnerability Bug ID CSCvg29980 It is released as.Information may be obtained and information may be altered. Attackers can leverage these issues to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. are all switching devices of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg350xg-2f10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-350g-52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf500-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-350g-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-20",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg355-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-16ft",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48dc",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-12f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500xg-8f8t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-24t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf500-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-2f10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-350g-52dc",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-48t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-24ft",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-48t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-48pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-350g-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "350 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "550x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series expansion switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 550x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.7"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "small business series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "350x0"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3500"
}
],
"sources": [
{
"db": "BID",
"id": "102733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_350_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_350x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_550x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:esw2_series_advanced_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_500_series_stackable_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicholas Lim",
"sources": [
{
"db": "BID",
"id": "102733"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-12308",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-102817",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12308",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12308",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12308",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12308",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-633",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102817",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-12308",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980. Vendors have confirmed this vulnerability Bug ID CSCvg29980 It is released as.Information may be obtained and information may be altered. \nAttackers can leverage these issues to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. are all switching devices of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12308"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "BID",
"id": "102733"
},
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "VULMON",
"id": "CVE-2017-12308"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12308",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633",
"trust": 0.7
},
{
"db": "BID",
"id": "102733",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-102817",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12308",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"db": "BID",
"id": "102733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"id": "VAR-201801-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102817"
}
],
"trust": 0.5514219533333333
},
"last_update_date": "2024-11-23T22:42:00.106000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180117-300-500-smb2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2"
},
{
"title": "Cisco: Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180117-300-500-smb2"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-113",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-300-500-smb2"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12308"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12308"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/102733"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"db": "BID",
"id": "102733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102817"
},
{
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"db": "BID",
"id": "102733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-102817"
},
{
"date": "2018-01-18T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102733"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"date": "2018-01-18T06:29:00.267000",
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-102817"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12308"
},
{
"date": "2018-01-11T00:00:00",
"db": "BID",
"id": "102733"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012150"
},
{
"date": "2020-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-633"
},
{
"date": "2024-11-21T03:09:16.797000",
"db": "NVD",
"id": "CVE-2017-12308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series and 500 In series managed switch software HTTP Response splitting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012150"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-633"
}
],
"trust": 0.6
}
}
VAR-201808-0309
Vulnerability from variot - Updated: 2024-11-23 22:38A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330. Vendors have confirmed this vulnerability Bug ID CSCvi87330 It is released as.Information may be obtained and information may be altered. The CiscoSmallBusiness300Series (Sx300) ManagedSwitches is a 300 series switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sf300-24pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-20",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-20",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3001.4.7"
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "BID",
"id": "104948"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sven Fassbender from modzero.",
"sources": [
{
"db": "BID",
"id": "104948"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2018-0408",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-16183",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2018-0408",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0408",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0408",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-011",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330. Vendors have confirmed this vulnerability Bug ID CSCvi87330 It is released as.Information may be obtained and information may be altered. The CiscoSmallBusiness300Series (Sx300) ManagedSwitches is a 300 series switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "BID",
"id": "104948"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0408",
"trust": 3.3
},
{
"db": "BID",
"id": "104948",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-16183",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-011",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "BID",
"id": "104948"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"id": "VAR-201808-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
}
],
"trust": 0.95079366
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
}
]
},
"last_update_date": "2024-11-23T22:38:05.216000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180801-sb-rxss",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180801-sb-rxss"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104948"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0408"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0408"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps10164/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "BID",
"id": "104948"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"db": "BID",
"id": "104948"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"date": "2018-08-01T00:00:00",
"db": "BID",
"id": "104948"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"date": "2018-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"date": "2018-08-01T20:29:00.433000",
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16183"
},
{
"date": "2018-08-01T00:00:00",
"db": "BID",
"id": "104948"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008755"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-011"
},
{
"date": "2024-11-21T03:38:09.980000",
"db": "NVD",
"id": "CVE-2018-0408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series Managed Switches Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-011"
}
],
"trust": 0.6
}
}
VAR-201905-0600
Vulnerability from variot - Updated: 2024-11-23 22:33A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. Cisco Small Business Switches There is an authorization vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. This issue is being tracked by Cisco bugs CSCvo28588, CSCvp35704
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0600",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350xg-24t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350xg-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf200-24fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350xg-2f10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-50hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350xg-48t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-10fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf250-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf250-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg250-26hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg250-08hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sf200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg200-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.78"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.10.6"
},
{
"model": "200 series smart switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "250 series smart switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350x series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "500 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5002.4.0.92"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.2.04"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.2.04"
},
{
"model": "small business series smart switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.2.04"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x2.4.5.71"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x2.3.0.130"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x2.2.5.68"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "350x2.4.5.71"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3502.4.5.71"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3502.3.0.130"
},
{
"model": "series smart switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2502.4.5.71"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5001.4.10.6"
},
{
"model": "small business series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3001.4.10.6"
},
{
"model": "small business series smart switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2001.4.10.6"
},
{
"model": "series stackable managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "550x2.5.0.78"
},
{
"model": "series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "350x2.5.0.78"
},
{
"model": "series managed switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3502.5.0.78"
},
{
"model": "series smart switches",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2502.5.0.78"
}
],
"sources": [
{
"db": "BID",
"id": "108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:200_series_smart_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:250_series_smart_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_350_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:350x_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:500_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Katie Sexton and Jimi Sebree of Tenable Research.,Katie Sexton and Jimi Sebree of Tenable Research for reporting these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1859",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-1859",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-1859",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-1859",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1859",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1859",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1859",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-054",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-1859",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. Cisco Small Business Switches There is an authorization vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. \nThis issue is being tracked by Cisco bugs CSCvo28588, CSCvp35704",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1859"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "BID",
"id": "108140"
},
{
"db": "VULMON",
"id": "CVE-2019-1859"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1859",
"trust": 2.8
},
{
"db": "BID",
"id": "108140",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1536",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-1859",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"db": "BID",
"id": "108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"id": "VAR-201905-0600",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4270171866666667
},
"last_update_date": "2024-11-23T22:33:55.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190501-scbv",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-scbv"
},
{
"title": "Multiple Cisco Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92197"
},
{
"title": "Cisco: Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190501-scbv"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.8
},
{
"problemtype": "CWE-295",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-scbv"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1859"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1859"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80182"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"db": "BID",
"id": "108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"db": "BID",
"id": "108140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108140"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"date": "2019-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"date": "2019-05-03T17:29:01.500000",
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1859"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108140"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004454"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-054"
},
{
"date": "2024-11-21T04:37:32.957000",
"db": "NVD",
"id": "CVE-2019-1859"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business Switches Authorization vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004454"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-054"
}
],
"trust": 0.6
}
}
VAR-201910-0374
Vulnerability from variot - Updated: 2024-11-23 22:29A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device. Cisco 250 Series Smart Switches, etc. are products of the United States Cisco (Cisco). The Cisco 250 Series Smart Switches is a 250 series smart switch. The Cisco 350 Series Managed Switches is a 350 series managed switch. 550X Series Stackable Managed Switches is a 550X Series managed switch. The vulnerability stems from the program's failure to provide adequate cross-site request forgery protection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sf250x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf200e-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf200-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-26hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf200-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf200-24fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11"
},
{
"model": "sf250x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf200e-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-10fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250-50",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg200-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg200-50p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-50hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250-26",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf200e48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf250-26p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf200-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-08hp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf200e-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-50fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg200-26fp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf200-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sf250-18",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.11.02"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.0.90"
},
{
"model": "250 series smart switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "550x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "series smart switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "250"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "350"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "550x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:250_series_smart_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_350_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_550x_series_stackable_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin Mol of Securitum, Poland .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
}
],
"trust": 0.6
},
"cve": "CVE-2019-12636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-12636",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-39610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-12636",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-12636",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-12636",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12636",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-12636",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-12636",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-39610",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1107",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device. Cisco 250 Series Smart Switches, etc. are products of the United States Cisco (Cisco). The Cisco 250 Series Smart Switches is a 250 series smart switch. The Cisco 350 Series Managed Switches is a 350 series managed switch. 550X Series Stackable Managed Switches is a 550X Series managed switch. The vulnerability stems from the program\u0027s failure to provide adequate cross-site request forgery protection",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12636"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "CNVD",
"id": "CNVD-2019-39610"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12636",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39610",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3882.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1107",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"id": "VAR-201910-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
}
],
"trust": 0.9159721999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
}
]
},
"last_update_date": "2024-11-23T22:29:52.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20191016-sbss-csrfCVE-2019-12636",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-sbss-csrf"
},
{
"title": "Patch for Cisco 250 Series Smart Switches, 350 Series Managed Switches, and 550X Series Stackable Managed Switches Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-sbss-csrf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12636"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12636"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-sbss-xss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3882/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3882.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"date": "2019-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"date": "2019-10-16T19:15:10.987000",
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39610"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011149"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1107"
},
{
"date": "2024-11-21T04:23:14.233000",
"db": "NVD",
"id": "CVE-2019-12636"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business Smart and Managed Switch Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1107"
}
],
"trust": 0.6
}
}
VAR-202008-0830
Vulnerability from variot - Updated: 2024-11-23 22:25A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0830",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg200-26fp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf350-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-26p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-28mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-52mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-26hp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-50p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf200-24fp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf500-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf350-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-48mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf302-08mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350xg-2f10",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-24f",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-48mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-28p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-50p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf500-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-50hp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf500-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf200-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250x-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500x-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf250-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf200-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf350-48mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-24pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-28",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-28p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-52",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-52p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-48pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-52mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500x-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-50",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-18",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-10fp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg355-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-12f",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-10mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-50",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf200-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350xg-24t",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-52",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350xg-24f",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-18",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250x-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-50fp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf302-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-28",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-26",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-16ft",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-26p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf500-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf302-08mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-08hp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-24ft",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-52p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-28mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf200-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf250-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-10",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-28pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350xg-48t",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-24mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500-28mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-28",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-26",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250x-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg250-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-08p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-20",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg300-10",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500x-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf302-08pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg500xg-8f8t",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf250-48hp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf302-08p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf550x-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg550x-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350x-48mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sx550x-52",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf250-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg350-28p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sf300-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5.5.47"
},
{
"model": "sg200-08",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-08p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-10fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-18",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-26p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50fp",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "sg200-50p",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business smart and managed switches",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:sg200-08_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-08p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-10fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-18_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-26p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50fp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:sg200-50p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
}
]
},
"cve": "CVE-2020-3496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010444",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-48989",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3496",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3496",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010444",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-010444",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-48989",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-979",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "CNVD",
"id": "CNVD-2020-48989"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3496",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-48989",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2859",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48759",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-979",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"id": "VAR-202008-0830",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
}
]
},
"last_update_date": "2024-11-23T22:25:23.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sbss-ipv6-dos-tsgqbffW",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-tsgqbffW"
},
{
"title": "Patch for Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/232054"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbss-ipv6-dos-tsgqbffw"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3496"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3496"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48759"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2859/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"date": "2021-01-18T07:48:14",
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"date": "2020-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"date": "2020-08-26T17:15:14.210000",
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-48989"
},
{
"date": "2021-01-18T07:48:14",
"db": "JVNDB",
"id": "JVNDB-2020-010444"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-979"
},
{
"date": "2024-11-21T05:31:11.363000",
"db": "NVD",
"id": "CVE-2020-3496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business Smart and Managed Switch Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-979"
}
],
"trust": 0.6
}
}
VAR-201808-0308
Vulnerability from variot - Updated: 2024-11-23 22:06A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326. Vendors have confirmed this vulnerability Bug ID CSCvi87326 It is released as.Information may be obtained and information may be altered. The CiscoSmallBusiness300Series (Sx300) ManagedSwitches is a 300 series switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sf300-24pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-20",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf300-24pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-28p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08mpp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf300-48pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-20",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-10mp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sg300-52p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "sf302-08pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sf302-08p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7"
},
{
"model": "sg300-28pp",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.06"
},
{
"model": "small business series managed switches",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3001.4.7"
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "BID",
"id": "104947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sven Fassbender from modzero.",
"sources": [
{
"db": "BID",
"id": "104947"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2018-0407",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-16184",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2018-0407",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0407",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16184",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-012",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326. Vendors have confirmed this vulnerability Bug ID CSCvi87326 It is released as.Information may be obtained and information may be altered. The CiscoSmallBusiness300Series (Sx300) ManagedSwitches is a 300 series switch device from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0407"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "BID",
"id": "104947"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0407",
"trust": 3.3
},
{
"db": "BID",
"id": "104947",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-16184",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-012",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "BID",
"id": "104947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"id": "VAR-201808-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
}
],
"trust": 0.95079366
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
}
]
},
"last_update_date": "2024-11-23T22:06:39.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180801-sb-pxss",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180801-sb-pxss"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104947"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0407"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0407"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps10164/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "BID",
"id": "104947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"db": "BID",
"id": "104947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"date": "2018-08-01T00:00:00",
"db": "BID",
"id": "104947"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"date": "2018-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"date": "2018-08-01T20:29:00.387000",
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16184"
},
{
"date": "2018-08-01T00:00:00",
"db": "BID",
"id": "104947"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008754"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-012"
},
{
"date": "2024-11-21T03:38:09.830000",
"db": "NVD",
"id": "CVE-2018-0407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series Managed Switches Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-012"
}
],
"trust": 0.6
}
}
VAR-201801-0354
Vulnerability from variot - Updated: 2024-11-23 21:53A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637. Vendors have confirmed this vulnerability Bug ID CSCvg24637 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. are American Cisco ( Cisco ) The company's switch equipment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sg350xg-2f10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-350g-52dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf500-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-350g-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-20",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg355-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg355-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-10pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-16ft",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-16ft",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-52p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48dc",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-12f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-12f",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-10mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-20",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-52",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-10p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-10p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg500-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350xg-24t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48dc",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500xg-8f8t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500xg-8f8t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-24t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg500-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf500-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24f",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sx550x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf500-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-2f10",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-350g-52dc",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-48t",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "esw2-550x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sx550x-24ft",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-24",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf300-48pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350xg-48t",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg300-52mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08pp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf300-48pp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-24mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-24mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg550x-24p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "esw2-350g-52",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350x-48mp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf350-48p",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf302-08mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg350-28p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf302-08",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sf550x-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf350-48p",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sf550x-48",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mpp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg350-28",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "sg550x-48mp",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.9.4"
},
{
"model": "sg300-10mpp",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.7.0"
},
{
"model": "350 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "350x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "550x series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series expansion switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 550x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 500 series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 350x series stackable managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business 300 series managed switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business series stackable managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "small business series managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "esw2 series advanced switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "550x0"
},
{
"model": "series stackable managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "350x0"
},
{
"model": "series managed switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3500"
}
],
"sources": [
{
"db": "BID",
"id": "102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:small_business_350_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_350x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_550x_series_stackable_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:esw2_series_advanced_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_300_series_managed_switches_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:small_business_500_series_stackable_managed_switches_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicholas Lim",
"sources": [
{
"db": "BID",
"id": "102718"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-12307",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-102816",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12307",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12307",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12307",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12307",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-634",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102816",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102816"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637. Vendors have confirmed this vulnerability Bug ID CSCvg24637 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. are American Cisco ( Cisco ) The company\u0027s switch equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12307"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "BID",
"id": "102718"
},
{
"db": "VULHUB",
"id": "VHN-102816"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12307",
"trust": 2.8
},
{
"db": "BID",
"id": "102718",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102816",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102816"
},
{
"db": "BID",
"id": "102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"id": "VAR-201801-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102816"
}
],
"trust": 0.43338292999999994
},
"last_update_date": "2024-11-23T21:53:30.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180117-300-500-smb1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102816"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-300-500-smb1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102718"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12307"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12307"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102816"
},
{
"db": "BID",
"id": "102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102816"
},
{
"db": "BID",
"id": "102718"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-102816"
},
{
"date": "2018-01-17T00:00:00",
"db": "BID",
"id": "102718"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"date": "2018-01-18T06:29:00.207000",
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-102816"
},
{
"date": "2018-01-17T00:00:00",
"db": "BID",
"id": "102718"
},
{
"date": "2018-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012149"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-634"
},
{
"date": "2024-11-21T03:09:16.587000",
"db": "NVD",
"id": "CVE-2017-12307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business 300 Series and 500 Series managed switch software vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-634"
}
],
"trust": 0.6
}
}