Details of VAR-201907-0237

ID

VAR-201907-0237

CVE

CVE-2019-1891

TITLE

plural Cisco Small Business Series Managed Switch Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-006440

DESCRIPTION

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This issue is being tracked by Cisco Bug IDs CSCvp43403, and CSCvp43417

Trust: 1.89

sources: NVD: CVE-2019-1891 // JVNDB: JVNDB-2019-006440 // BID: 109039

AFFECTED PRODUCTS

vendor:	cisco	model:	esw2-350g52dc	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-08	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-52mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	esw2-550x48dc	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-26p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-50p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10sfp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500xg8f8t	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-52p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28sfp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-48pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf300-24	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-28	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-26	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-28p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x-48mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x-48p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-18	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-52mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08pp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-48mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg200-50	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x24mpp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf500-24mp	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500x-48	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-20	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg300-10p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf302-08p	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sg500-52	scope:	lt	version:	1.4.10.6	Trust: 1.0
vendor:	cisco	model:	sf200-24	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sf200-24p	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sf200-48	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sf200-48p	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg200-18	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg200-26	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg200-26p	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg200-50	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg200-50p	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sg300-10	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business series stackable managed switches	scope:	eq	version:	5001.4.9.0	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	5001.4.2.04	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3001.4.7	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3001.4.9.0	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3001.4.2.04	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3001.4.0.88	Trust: 0.3
vendor:	cisco	model:	small business series managed switch	scope:	eq	version:	3001.4.8.06	Trust: 0.3
vendor:	cisco	model:	small business series managed switch	scope:	eq	version:	3001.2.7.76	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	2001.4.2.04	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	ne	version:	5001.4.10.6	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	ne	version:	3001.4.10.6	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	ne	version:	2001.4.10.6	Trust: 0.3

sources: BID: 109039 // JVNDB: JVNDB-2019-006440 // NVD: CVE-2019-1891

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1891
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1891
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1891
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-235
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-1891
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2019-1891
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: JVNDB: JVNDB-2019-006440 // CNNVD: CNNVD-201907-235 // NVD: CVE-2019-1891 // NVD: CVE-2019-1891

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-006440 // NVD: CVE-2019-1891

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-235

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006440

PATCH

title:	cisco-sa-20190703-sbss-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos	Trust: 0.8
title:	Cisco Small Business 200 , 300 and 500 Series Managed Switches Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94424	Trust: 0.6

sources: JVNDB: JVNDB-2019-006440 // CNNVD: CNNVD-201907-235

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1891	Trust: 2.7
db:	BID	id:	109039	Trust: 0.9
db:	JVNDB	id:	JVNDB-2019-006440	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2440	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-235	Trust: 0.6

sources: BID: 109039 // JVNDB: JVNDB-2019-006440 // CNNVD: CNNVD-201907-235 // NVD: CVE-2019-1891

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-dos	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1891	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1891	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-sbss-memcorrupt	Trust: 0.6
url:	https://www.securityfocus.com/bid/109039	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2440/	Trust: 0.6

sources: BID: 109039 // JVNDB: JVNDB-2019-006440 // CNNVD: CNNVD-201907-235 // NVD: CVE-2019-1891

CREDITS

Cisco

Trust: 0.9

sources: BID: 109039 // CNNVD: CNNVD-201907-235

SOURCES

db:	BID	id:	109039
db:	JVNDB	id:	JVNDB-2019-006440
db:	CNNVD	id:	CNNVD-201907-235
db:	NVD	id:	CVE-2019-1891

LAST UPDATE DATE

2024-11-23T22:48:22.054000+00:00

SOURCES UPDATE DATE

db:	BID	id:	109039	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006440	date:	2019-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201907-235	date:	2019-07-18T00:00:00
db:	NVD	id:	CVE-2019-1891	date:	2024-11-21T04:37:37.573

SOURCES RELEASE DATE

db:	BID	id:	109039	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006440	date:	2019-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201907-235	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2019-1891	date:	2019-07-06T02:15:11.183