Cisco Small Business 220 up to 1.1.4.3 Web Management Interface improper authorization
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.5 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Cisco Small Business 220 up to 1.1.4.3. The affected element is an unknown function of the component Web Management Interface. The manipulation results in improper authorization. This vulnerability is identified as CVE-2019-1912. The attack can be executed remotely. Additionally, an exploit exists. You should upgrade the affected component.
Details
A vulnerability was found in Cisco Small Business 220 up to 1.1.4.3. It has been classified as critical. Affected is some unknown functionality of the component Web Management Interface. The manipulation with an unknown input leads to a improper authorization vulnerability. CWE is classifying the issue as CWE-285. The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.
The weakness was released 08/07/2019 as cisco-sa-20190806-sb220-auth_b as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2019-1912 since 12/06/2018. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are unknown but a public exploit is available. The MITRE ATT&CK project declares the attack technique as T1548.002. The advisory points out:
The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell.
The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k.
Upgrading to version 1.1.4.4 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Exploit-DB (47442). Further details are available at zdnet.com. Entries connected to this vulnerability are available at VDB-139597 and VDB-139598. Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.6VulDB Meta Temp Score: 8.5
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
Vendor Base Score (Cisco): 9.1
Vendor Vector (Cisco): 🔍
NVD Base Score: 9.1
NVD Vector: 🔍
CNA Base Score: 9.1
CNA Vector (Cisco Systems, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Improper authorizationCWE: CWE-285 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Small Business 220 1.1.4.4
Timeline
12/06/2018 🔍08/07/2019 🔍
08/07/2019 🔍
07/21/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20190806-sb220-auth_b
Status: Confirmed
CVE: CVE-2019-1912 (🔍)
GCVE (CVE): GCVE-0-2019-1912
GCVE (VulDB): GCVE-100-139596
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 08/07/2019 14:06Updated: 07/21/2024 22:11
Changes: 08/07/2019 14:06 (54), 07/22/2020 10:10 (17), 11/21/2023 09:44 (14), 07/21/2024 22:11 (23)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.