What is CVE-2019-1912?

CVE-2019-1912 is a critical-severity vulnerability in Cisco Small Business 220 Series Smart Plus Switches, classified under Improper Authorization. CVSS score: 9.1/10. Published 2019-08-07.

How severe is CVE-2019-1912?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2019-1912 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Cisco Small Business 220 Series Smart Plus Switches

CVE-2019-1912

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the…

EPSS: 0.122 (94.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Cisco Small Business 220 Series Smart Plus Switches — versions unspecified

Weakness classification (CWE)

CWE-285 — Improper Authorization

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

20190806 Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)
packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RTL83xx-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1912?: CVE-2019-1912 is a critical-severity vulnerability in Cisco Small Business 220 Series Smart Plus Switches, classified under Improper Authorization. CVSS score: 9.1/10. Published 2019-08-07.
How severe is CVE-2019-1912?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2019-1912 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.