Strix
26.1K

CVE-2019-1859

HIGHCVSS 7.2/10EPSS 0.85%

Last modified

CVE-2019-1859 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. EPSS estimates a 0.85% chance of exploitation in the next 30 days.

Description

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.85%

53.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoSg200-50 Firmware< 1.4.10.6
CiscoSg200-50p Firmware< 1.4.10.6
CiscoSg200-50fp Firmware< 1.4.10.6
CiscoSg200-26 Firmware< 1.4.10.6
CiscoSg200-26p Firmware< 1.4.10.6
CiscoSg200-26fp Firmware< 1.4.10.6
CiscoSg200-18 Firmware< 1.4.10.6
CiscoSg200-10fp Firmware< 1.4.10.6
CiscoSg200-08 Firmware< 1.4.10.6
CiscoSg200-08p Firmware< 1.4.10.6
CiscoSf200-24 Firmware< 1.4.10.6
CiscoSf200-24p Firmware< 1.4.10.6
CiscoSf200-24fp Firmware< 1.4.10.6
CiscoSf200-48 Firmware< 1.4.10.6
CiscoSf200-48p Firmware< 1.4.10.6
CiscoSf302-08pp Firmware< 1.4.10.6
CiscoSf302-08mpp Firmware< 1.4.10.6
CiscoSg300-10pp Firmware< 1.4.10.6
CiscoSg300-10mpp Firmware< 1.4.10.6
CiscoSf300-24pp Firmware< 1.4.10.6
CiscoSf300-48pp Firmware< 1.4.10.6
CiscoSg300-28pp Firmware< 1.4.10.6
CiscoSf300-08 Firmware< 1.4.10.6
CiscoSf300-48p Firmware< 1.4.10.6
CiscoSg300-10mp Firmware< 1.4.10.6
CiscoSg300-10p Firmware< 1.4.10.6
CiscoSg300-10 Firmware< 1.4.10.6
CiscoSg300-28p Firmware< 1.4.10.6
CiscoSf300-24p Firmware< 1.4.10.6
CiscoSf302-08mp Firmware< 1.4.10.6
CiscoSg300-28 Firmware< 1.4.10.6
CiscoSf300-48 Firmware< 1.4.10.6
CiscoSg300-20 Firmware< 1.4.10.6
CiscoSf302-08p Firmware< 1.4.10.6
CiscoSg300-52 Firmware< 1.4.10.6
CiscoSf300-24 Firmware< 1.4.10.6
CiscoSf302-08 Firmware< 1.4.10.6
CiscoSf300-24mp Firmware< 1.4.10.6
CiscoSg300-10sfp Firmware< 1.4.10.6
CiscoSg300-28mp Firmware< 1.4.10.6
CiscoSg300-52p Firmware< 1.4.10.6
CiscoSg300-52mp Firmware< 1.4.10.6
CiscoSg500-28mpp Firmware< 1.4.10.6
CiscoSg500-52mp Firmware< 1.4.10.6
CiscoSg500xg-8f8t Firmware< 1.4.10.6
CiscoSf500-24 Firmware< 1.4.10.6
CiscoSf500-24p Firmware< 1.4.10.6
CiscoSf500-48 Firmware< 1.4.10.6
CiscoSf500-48p Firmware< 1.4.10.6
CiscoSg500-28 Firmware< 1.4.10.6

Showing 50 of 114 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-1859?
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.
How severe is CVE-2019-1859?
CVE-2019-1859 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 0.85% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1859?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1859?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST