CVE-2019-15993: Cisco Small Business Switches Information Disclosure Vulnerability
First published: Wed Sep 23 2020(Updated: )
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SG250X-24P Firmware | <2.5.0.92 | |
| Cisco SG250X-24 Firmware | ||
| Cisco SG250X-24 Firmware | <2.5.0.92 | |
| Cisco SG250X-24P Firmware | ||
| Cisco SG250X-48P Firmware | <2.5.0.92 | |
| Cisco SG250X-48 Firmware | ||
| Cisco SG250X-48P Firmware | <2.5.0.92 | |
| Cisco SG250X-48P Firmware | ||
| Cisco SG250-08HP Firmware | <2.5.0.92 | |
| Cisco SG250-08HP Firmware | ||
| Cisco SG250-08HP Firmware | <2.5.0.92 | |
| Cisco SG250-08HP Firmware | ||
| Cisco SG250-10P Firmware | <2.5.0.92 | |
| Cisco SG250-10P | ||
| Cisco SG250-18 | <2.5.0.92 | |
| Cisco SG250-18 Firmware | ||
| Cisco SG250-26P Firmware | <2.5.0.92 | |
| Cisco SG250-26 Firmware | ||
| Cisco SG250-26HP | <2.5.0.92 | |
| Cisco SG250-26HP Firmware | ||
| Cisco SG250-26P Firmware | <2.5.0.92 | |
| Cisco SG250-26P Firmware | ||
| Cisco SG250-50P Firmware | <2.5.0.92 | |
| Cisco SG250-50 Firmware | ||
| Cisco SG250-50HP Firmware | <2.5.0.92 | |
| Cisco SG250-50HP Firmware | ||
| Cisco SG250-50P Firmware | <2.5.0.92 | |
| Cisco SG250-50P Firmware | ||
| Cisco SF250-24 Firmware | <2.5.0.92 | |
| Cisco SF250-24 Firmware | ||
| Cisco SF250-24P Firmware | <2.5.0.92 | |
| Cisco SF250-24P Firmware | ||
| Cisco SF250-48 | <2.5.0.92 | |
| Cisco SF250-48HP Firmware | ||
| Cisco SF250-48HP Firmware | <2.5.0.92 | |
| Cisco SF250-48HP Firmware | ||
| Cisco SG350-10P | <2.5.0.92 | |
| Cisco SG350-10 Firmware | ||
| Cisco SG350-10P | <2.5.0.92 | |
| Cisco SG350-10P | ||
| Cisco SG350-10MP Firmware | <2.5.0.92 | |
| Cisco SG350-10MP Firmware | ||
| Cisco SG355-10P | <2.5.0.92 | |
| Cisco SG355-10P | ||
| Cisco SG350-28P Firmware | <2.5.0.92 | |
| Cisco SG350-28 Firmware | ||
| Cisco SG350-28P Firmware | <2.5.0.92 | |
| Cisco SG350-28P Firmware | ||
| Cisco SG350-28MP Firmware | <2.5.0.92 | |
| Cisco SG350-28MP Firmware | ||
| Cisco SF350-48 Firmware | <2.5.0.92 | |
| Cisco SF350-48 Firmware | ||
| Cisco SF350-48P Firmware | <2.5.0.92 | |
| Cisco SF350-48P Firmware | ||
| Cisco SF350-48MP Firmware | <2.5.0.92 | |
| Cisco SF350-48MP Firmware | ||
| Cisco SG350XG-2F10 | <2.5.0.92 | |
| Cisco SG350XG-2F10 Firmware | ||
| Cisco SG350XG-24F Firmware | <2.5.0.92 | |
| Cisco SG350XG-24F Firmware | ||
| Cisco SG350XG-24F Firmware | <2.5.0.92 | |
| Cisco SG350XG-24F Firmware | ||
| Cisco SG350XG-48T Firmware | <2.5.0.92 | |
| Cisco SG350XG-48T Firmware | ||
| Cisco SG350X-24P Firmware | <2.5.0.92 | |
| Cisco SG350X-24 Firmware | ||
| Cisco SG350X-24 Firmware | <2.5.0.92 | |
| Cisco SG350X-24 Firmware | ||
| Cisco SG350X-24MP | <2.5.0.92 | |
| Cisco SG350X-24MP Firmware | ||
| Cisco SG350X-48 Firmware | <2.5.0.92 | |
| Cisco SG350X-48 Firmware | ||
| Cisco SG350X-48P Firmware | <2.5.0.92 | |
| Cisco SG350X-48P Firmware | ||
| Cisco SG350X-48MP | <2.5.0.92 | |
| Cisco SG350X-48MP Firmware | ||
| Cisco SX550X Firmware | <2.5.0.92 | |
| Cisco SX550X-16FT Firmware | ||
| Cisco SX550X Firmware | <2.5.0.92 | |
| Cisco SX550X-24FT Firmware | ||
| Cisco SX550X-12F Firmware | <2.5.0.92 | |
| Cisco SX550X-12F Firmware | ||
| Cisco SX550X Firmware | <2.5.0.92 | |
| Cisco SX550X-24F Firmware | ||
| Cisco SX550X Firmware | <2.5.0.92 | |
| Cisco SX550X-24F Firmware | ||
| Cisco SX550X-52 | <2.5.0.92 | |
| Cisco SX550X-52 | ||
| Cisco SG550X-24P Firmware | <2.5.0.92 | |
| Cisco SG550X-24 Firmware | ||
| Cisco SG550X-24P Firmware | <2.5.0.92 | |
| Cisco SG550X-24P Firmware | ||
| Cisco SG550X-24MP Firmware | <2.5.0.92 | |
| Cisco SG550X-24MP Firmware | ||
| Cisco SG550X-24MPP Firmware | <2.5.0.92 | |
| Cisco SG550X-24MPP Firmware | ||
| Cisco SG550X-48MP Firmware | <2.5.0.92 | |
| Cisco SG550X-48 Firmware | ||
| Cisco SG550X-48P Firmware | <2.5.0.92 | |
| Cisco SG550X-48P Firmware | ||
| Cisco SG550X-48MP Firmware | <2.5.0.92 | |
| Cisco SG550X-48MP Firmware | ||
| Cisco SF550X-24P | <2.5.0.92 | |
| Cisco SF550X-24 Firmware | ||
| Cisco SF550X-24P | <2.5.0.92 | |
| Cisco SF550X-24P Firmware | ||
| Cisco SF550X-24MP Firmware | <2.5.0.92 | |
| Cisco SF550X-24MP Firmware | ||
| Cisco SF550X-48 | <2.5.0.92 | |
| Cisco SF550X-48 Firmware | ||
| Cisco SF550X-48P Firmware | <2.5.0.92 | |
| Cisco SG550X-48P | ||
| Cisco SG550X-48MP Firmware | <2.5.0.92 | |
| Cisco SF550X-48MP Firmware | ||
| Cisco SG200-50P Firmware | <1.4.11.4 | |
| Cisco SG200-50FP | ||
| Cisco SG200-50P Firmware | <1.4.11.4 | |
| Cisco SG200-50P Firmware | ||
| Cisco SG200-50 Firmware | <1.4.11.4 | |
| Cisco SG200-50 Firmware | ||
| Cisco SG200-26P Firmware | <1.4.11.4 | |
| Cisco SG200-26P Firmware | ||
| Cisco SG200-26 Firmware | <1.4.11.4 | |
| Cisco SG200-26P Firmware | ||
| Cisco SG200-26FP Firmware | <1.4.11.4 | |
| Cisco SG200-26FP Firmware | ||
| Cisco SG200-18 Firmware | <1.4.11.4 | |
| Cisco SG200-18 Firmware | ||
| Cisco SG200-10FP Firmware | <1.4.11.4 | |
| Cisco SG200-10FP Firmware | ||
| Cisco SG200-08 | <1.4.11.4 | |
| Cisco SG200-08 Firmware | ||
| Cisco SG200-08P Firmware | <1.4.11.4 | |
| Cisco SG200-08P Firmware | ||
| Cisco SF200-24 Firmware | <1.4.11.4 | |
| Cisco SF200-24P | ||
| Cisco SF200-24P Firmware | <1.4.11.4 | |
| Cisco SF200-24P Firmware | ||
| Cisco SF200-24FP Firmware | <1.4.11.4 | |
| Cisco SF200-24FP Firmware | ||
| Cisco SF200-48 Firmware | <1.4.11.4 | |
| Cisco SF200-48 Firmware | ||
| Cisco SF200-48P Firmware | <1.4.11.4 | |
| Cisco SF200-48P Firmware | ||
| Cisco SF302-08 | <1.4.11.4 | |
| Cisco SF302-08 | ||
| Cisco SF302-08 | <1.4.11.4 | |
| Cisco SF302-08 | ||
| Cisco SG300-10PP | <1.4.11.4 | |
| Cisco SG300-10 Firmware | ||
| Cisco SG300-10MPP Firmware | <1.4.11.4 | |
| Cisco SG300-10MPP Firmware | ||
| Cisco SF300-24P | <1.4.11.4 | |
| Cisco SF300-24PP Firmware | ||
| Cisco SF300-48PP Firmware | <1.4.11.4 | |
| Cisco SF300-48PP Firmware | ||
| Cisco SG300-28PP Firmware | <1.4.11.4 | |
| Cisco SG300-28PP Firmware | ||
| Cisco SF300-08 Firmware | <1.4.11.4 | |
| Cisco SF300-08 Firmware | ||
| Cisco SF300-48P Firmware | <1.4.11.4 | |
| Cisco SF300-48P Firmware | ||
| Cisco SG300-10MP Firmware | <1.4.11.4 | |
| Cisco SG300-10MP Firmware | ||
| Cisco SG300-10P Firmware | <1.4.11.4 | |
| Cisco SG300-10P Firmware | ||
| Cisco SG300 Series Firmware | <1.4.11.4 | |
| Cisco SG300-10 Firmware | ||
| Cisco SG300-28P Firmware | <1.4.11.4 | |
| Cisco SG300-28P | ||
| Cisco SF300-24P | <1.4.11.4 | |
| Cisco SF300-24 Firmware | ||
| Cisco SF302-08 | <1.4.11.4 | |
| Cisco SF302-08 | ||
| Cisco SG300-28P | <1.4.11.4 | |
| Cisco SG300-28 Firmware | ||
| Cisco SF300-48P Firmware | <1.4.11.4 | |
| Cisco SF300-48P | ||
| Cisco SG300 Series Firmware | <1.4.11.4 | |
| Cisco SG300-20 Firmware | ||
| Cisco SF302-08P | <1.4.11.4 | |
| Cisco SF302-08 | ||
| Cisco SG300 Series Firmware | <1.4.11.4 | |
| Cisco SG300-52P | ||
| Cisco SF300-24P Firmware | <1.4.11.4 | |
| Cisco SF300-24 Firmware | ||
| Cisco SF302-08 Firmware | <1.4.11.4 | |
| Cisco SF302-08 Firmware | ||
| Cisco SF300-24MP Firmware | <1.4.11.4 | |
| Cisco SF300-24MP Firmware | ||
| Cisco SG300 Series Firmware | <1.4.11.4 | |
| Cisco SG300-10SFP Firmware | ||
| Cisco SG300-28MP | <1.4.11.4 | |
| Cisco SG300-28MP | ||
| Cisco SG300-52P Firmware | <1.4.11.4 | |
| Cisco SG300-52P Firmware | ||
| Cisco SG300-52MP Firmware | <1.4.11.4 | |
| Cisco SG300-52MP Firmware | ||
| Cisco SG500-28PP Firmware | <1.4.11.4 | |
| Cisco SG500-28MPP Firmware | ||
| Cisco SG500-52MP | <1.4.11.4 | |
| Cisco SG500-52 | ||
| Cisco SG500XG-8F8T | <1.4.11.4 | |
| Cisco SG500XG-8F8T Firmware | ||
| Cisco SF500-24 | <1.4.11.4 | |
| Cisco SF500-24MP | ||
| Cisco SF500-24P | <1.4.11.4 | |
| Cisco SF500-24P Firmware | ||
| Cisco SF500-48P Firmware | <1.4.11.4 | |
| Cisco SF500-48 Firmware | ||
| Cisco 500 Series Switch Firmware | <1.4.11.4 | |
| Cisco SF500-48 Firmware | ||
| Cisco SG500-28 | <1.4.11.4 | |
| Cisco SG500-28PP Firmware | ||
| Cisco SG500-28P | <1.4.11.4 | |
| Cisco SG500-28P | ||
| Cisco SG500-52P | <1.4.11.4 | |
| Cisco SG500-52 Firmware | ||
| Cisco SG500-52P | <1.4.11.4 | |
| Cisco SG500-52P | ||
| Cisco SG500X-24 | <1.4.11.4 | |
| Cisco SG500X-24P | ||
| Cisco SG500X-24P | <1.4.11.4 | |
| Cisco SG500X-24P | ||
| Cisco SG500X-48 | <1.4.11.4 | |
| Cisco SG500X-48MP Firmware | ||
| Cisco SG500X-48P | <1.4.11.4 | |
| Cisco SG500X-48P |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15993?
The severity of CVE-2019-15993 is rated as medium due to its potential to allow unauthorized access to sensitive information.
How do I fix CVE-2019-15993?
To fix CVE-2019-15993, it is recommended to update affected Cisco Small Business Switches to the latest firmware version available.
What types of devices are affected by CVE-2019-15993?
CVE-2019-15993 affects various models of Cisco Small Business Switches including the SG250, SG350, and SF250 series.
Can CVE-2019-15993 be exploited remotely?
Yes, CVE-2019-15993 can be exploited remotely by an unauthenticated attacker through the web UI without proper authentication controls.
What kind of information could be exposed due to CVE-2019-15993?
CVE-2019-15993 could expose sensitive device information including configuration settings and current operational states.
- agent/weakness
- agent/references
- agent/type
- agent/author
- agent/description
- agent/severity
- agent/title
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sg250x-24p firmware
- canonical/cisco sg250x-24 firmware
- canonical/cisco sg250x-48p firmware
- canonical/cisco sg250x-48 firmware
- canonical/cisco sg250-08hp firmware
- canonical/cisco sg250-10p firmware
- canonical/cisco sg250-10p
- canonical/cisco sg250-18
- canonical/cisco sg250-18 firmware
- canonical/cisco sg250-26p firmware
- canonical/cisco sg250-26 firmware
- canonical/cisco sg250-26hp
- canonical/cisco sg250-26hp firmware
- canonical/cisco sg250-50p firmware
- canonical/cisco sg250-50 firmware
- canonical/cisco sg250-50hp firmware
- canonical/cisco sf250-24 firmware
- canonical/cisco sf250-24p firmware
- canonical/cisco sf250-48
- canonical/cisco sf250-48hp firmware
- canonical/cisco sg350-10p
- canonical/cisco sg350-10 firmware
- canonical/cisco sg350-10mp firmware
- canonical/cisco sg355-10p
- canonical/cisco sg350-28p firmware
- canonical/cisco sg350-28 firmware
- canonical/cisco sg350-28mp firmware
- canonical/cisco sf350-48 firmware
- canonical/cisco sf350-48p firmware
- canonical/cisco sf350-48mp firmware
- canonical/cisco sg350xg-2f10
- canonical/cisco sg350xg-2f10 firmware
- canonical/cisco sg350xg-24f firmware
- canonical/cisco sg350xg-48t firmware
- canonical/cisco sg350x-24p firmware
- canonical/cisco sg350x-24 firmware
- canonical/cisco sg350x-24mp
- canonical/cisco sg350x-24mp firmware
- canonical/cisco sg350x-48 firmware
- canonical/cisco sg350x-48p firmware
- canonical/cisco sg350x-48mp
- canonical/cisco sg350x-48mp firmware
- canonical/cisco sx550x firmware
- canonical/cisco sx550x-16ft firmware
- canonical/cisco sx550x-24ft firmware
- canonical/cisco sx550x-12f firmware
- canonical/cisco sx550x-24f firmware
- canonical/cisco sx550x-52
- canonical/cisco sg550x-24p firmware
- canonical/cisco sg550x-24 firmware
- canonical/cisco sg550x-24mp firmware
- canonical/cisco sg550x-24mpp firmware
- canonical/cisco sg550x-48mp firmware
- canonical/cisco sg550x-48 firmware
- canonical/cisco sg550x-48p firmware
- canonical/cisco sf550x-24p
- canonical/cisco sf550x-24 firmware
- canonical/cisco sf550x-24p firmware
- canonical/cisco sf550x-24mp firmware
- canonical/cisco sf550x-48
- canonical/cisco sf550x-48 firmware
- canonical/cisco sf550x-48p firmware
- canonical/cisco sg550x-48p
- canonical/cisco sf550x-48mp firmware
- canonical/cisco sg200-50p firmware
- canonical/cisco sg200-50fp
- canonical/cisco sg200-50 firmware
- canonical/cisco sg200-26p firmware
- canonical/cisco sg200-26 firmware
- canonical/cisco sg200-26fp firmware
- canonical/cisco sg200-18 firmware
- canonical/cisco sg200-10fp firmware
- canonical/cisco sg200-08
- canonical/cisco sg200-08 firmware
- canonical/cisco sg200-08p firmware
- canonical/cisco sf200-24 firmware
- canonical/cisco sf200-24p
- canonical/cisco sf200-24p firmware
- canonical/cisco sf200-24fp firmware
- canonical/cisco sf200-48 firmware
- canonical/cisco sf200-48p firmware
- canonical/cisco sf302-08
- canonical/cisco sg300-10pp
- canonical/cisco sg300-10 firmware
- canonical/cisco sg300-10mpp firmware
- canonical/cisco sf300-24p
- canonical/cisco sf300-24pp firmware
- canonical/cisco sf300-48pp firmware
- canonical/cisco sg300-28pp firmware
- canonical/cisco sf300-08 firmware
- canonical/cisco sf300-48p firmware
- canonical/cisco sg300-10mp firmware
- canonical/cisco sg300-10p firmware
- canonical/cisco sg300 series firmware
- canonical/cisco sg300-28p firmware
- canonical/cisco sg300-28p
- canonical/cisco sf300-24 firmware
- canonical/cisco sg300-28 firmware
- canonical/cisco sf300-48p
- canonical/cisco sg300-20 firmware
- canonical/cisco sf302-08p
- canonical/cisco sg300-52p
- canonical/cisco sf300-24p firmware
- canonical/cisco sf302-08 firmware
- canonical/cisco sf300-24mp firmware
- canonical/cisco sg300-10sfp firmware
- canonical/cisco sg300-28mp
- canonical/cisco sg300-52p firmware
- canonical/cisco sg300-52mp firmware
- canonical/cisco sg500-28pp firmware
- canonical/cisco sg500-28mpp firmware
- canonical/cisco sg500-52mp
- canonical/cisco sg500-52
- canonical/cisco sg500xg-8f8t
- canonical/cisco sg500xg-8f8t firmware
- canonical/cisco sf500-24
- canonical/cisco sf500-24mp
- canonical/cisco sf500-24p
- canonical/cisco sf500-24p firmware
- canonical/cisco sf500-48p firmware
- canonical/cisco sf500-48 firmware
- canonical/cisco 500 series switch firmware
- canonical/cisco sg500-28
- canonical/cisco sg500-28p
- canonical/cisco sg500-52p
- canonical/cisco sg500-52 firmware
- canonical/cisco sg500x-24
- canonical/cisco sg500x-24p
- canonical/cisco sg500x-48
- canonical/cisco sg500x-48mp firmware
- canonical/cisco sg500x-48p