How severe is CVE-2019-1912?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-1912?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-1912 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.

Related Vulnerabilities

CVE-2017-16726

CRITICAL

CVSS:9.1(Critical)

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not i...

CWE-2852017

CVE-2019-17631

CRITICAL

CVSS:9.1(Critical)

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

CWE-2852019

CVE-2020-15084

CRITICAL

CVSS:9.1(Critical)

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, wit...

CWE-2852020

CVE-2021-28506

CRITICAL

CVSS:9.1(Critical)

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

CWE-2852021

CVE-2021-41974

CRITICAL

CVSS:9.1(Critical)

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

CWE-2852021

CVE-2021-41975

CRITICAL

CVSS:9.1(Critical)

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.

CWE-2852021