CVE-2019-15993

Name: CVE-2019-15993
Creator: NVD / NIST
Published: 2020-09-23T01:15:13.41+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 10.27%

Last modified Jun 17, 2026

CVE-2019-15993 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. EPSS estimates a 10.27% chance of exploitation in the next 30 days.

Description

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

10.27%

95.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Sg250x-24 Firmware	< 2.5.0.92
Cisco	Sg250x-24p Firmware	< 2.5.0.92
Cisco	Sg250x-48 Firmware	< 2.5.0.92
Cisco	Sg250x-48p Firmware	< 2.5.0.92
Cisco	Sg250-08 Firmware	< 2.5.0.92
Cisco	Sg250-08hp Firmware	< 2.5.0.92
Cisco	Sg250-10p Firmware	< 2.5.0.92
Cisco	Sg250-18 Firmware	< 2.5.0.92
Cisco	Sg250-26 Firmware	< 2.5.0.92
Cisco	Sg250-26hp Firmware	< 2.5.0.92
Cisco	Sg250-26p Firmware	< 2.5.0.92
Cisco	Sg250-50 Firmware	< 2.5.0.92
Cisco	Sg250-50hp Firmware	< 2.5.0.92
Cisco	Sg250-50p Firmware	< 2.5.0.92
Cisco	Sf250-24 Firmware	< 2.5.0.92
Cisco	Sf250-24p Firmware	< 2.5.0.92
Cisco	Sf250-48 Firmware	< 2.5.0.92
Cisco	Sf250-48hp Firmware	< 2.5.0.92
Cisco	Sg350-10 Firmware	< 2.5.0.92
Cisco	Sg350-10p Firmware	< 2.5.0.92
Cisco	Sg350-10mp Firmware	< 2.5.0.92
Cisco	Sg355-10p Firmware	< 2.5.0.92
Cisco	Sg350-28 Firmware	< 2.5.0.92
Cisco	Sg350-28p Firmware	< 2.5.0.92
Cisco	Sg350-28mp Firmware	< 2.5.0.92
Cisco	Sf350-48 Firmware	< 2.5.0.92
Cisco	Sf350-48p Firmware	< 2.5.0.92
Cisco	Sf350-48mp Firmware	< 2.5.0.92
Cisco	Sg350xg-2f10 Firmware	< 2.5.0.92
Cisco	Sg350xg-24f Firmware	< 2.5.0.92
Cisco	Sg350xg-24t Firmware	< 2.5.0.92
Cisco	Sg350xg-48t Firmware	< 2.5.0.92
Cisco	Sg350x-24 Firmware	< 2.5.0.92
Cisco	Sg350x-24p Firmware	< 2.5.0.92
Cisco	Sg350x-24mp Firmware	< 2.5.0.92
Cisco	Sg350x-48 Firmware	< 2.5.0.92
Cisco	Sg350x-48p Firmware	< 2.5.0.92
Cisco	Sg350x-48mp Firmware	< 2.5.0.92
Cisco	Sx550x-16ft Firmware	< 2.5.0.92
Cisco	Sx550x-24ft Firmware	< 2.5.0.92
Cisco	Sx550x-12f Firmware	< 2.5.0.92
Cisco	Sx550x-24f Firmware	< 2.5.0.92
Cisco	Sx550x-24 Firmware	< 2.5.0.92
Cisco	Sx550x-52 Firmware	< 2.5.0.92
Cisco	Sg550x-24 Firmware	< 2.5.0.92
Cisco	Sg550x-24p Firmware	< 2.5.0.92
Cisco	Sg550x-24mp Firmware	< 2.5.0.92
Cisco	Sg550x-24mpp Firmware	< 2.5.0.92
Cisco	Sg550x-48 Firmware	< 2.5.0.92
Cisco	Sg550x-48p Firmware	< 2.5.0.92

Showing 50 of 114 affected configurations. See NVD for the full list.

References

Timeline

Published: Sep 23, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-15993?

How severe is CVE-2019-15993?

CVE-2019-15993 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 10.27% probability of exploitation in the next 30 days.

How do I fix CVE-2019-15993?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15993?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST