Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-223.082719: TT-CSIRT Advisory – Cisco Security Updates

26th August 2019

Cisco has released a security update stating that it has discovered the following issues in Cisco Small Business 220 Series Smart Switches:

a) An authentication bypass vulnerability which could allow for remote file upload due to incomplete authorization checks in the web management interface – (CVE-2019-1912).

b) A command injection vulnerability could allow for arbitrary code execution by an authenticated attacker due to insufficient validation of user-supplied input – (CVE-2019-1914).

An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer.

Further information on these vulnerabilities and how they can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass