CVE-2019-1892

Name: CVE-2019-1892
Creator: NVD / NIST
Published: 2019-07-06T02:15:11.293+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.77%

Last modified Jun 17, 2026

CVE-2019-1892 is a vulnerability of currently unknown severity. A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. EPSS estimates a 1.77% chance of exploitation in the next 30 days.

Description

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Metrics

EPSS Probability

1.77%

75.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Sf200-24 Firmware	< 1.4.10.6
Cisco	Sf200-24p Firmware	< 1.4.10.6
Cisco	Sf200-48 Firmware	< 1.4.10.6
Cisco	Sf200-48p Firmware	< 1.4.10.6
Cisco	Sg200-18 Firmware	< 1.4.10.6
Cisco	Sg200-26 Firmware	< 1.4.10.6
Cisco	Sg200-26p Firmware	< 1.4.10.6
Cisco	Sg200-50 Firmware	< 1.4.10.6
Cisco	Sg200-50p Firmware	< 1.4.10.6
Cisco	Sg300-10 Firmware	< 1.4.10.6
Cisco	Sg300-10mp Firmware	< 1.4.10.6
Cisco	Sg300-10mpp Firmware	< 1.4.10.6
Cisco	Sg300-10sfp Firmware	< 1.4.10.6
Cisco	Sg300-10p Firmware	< 1.4.10.6
Cisco	Sg300-10pp Firmware	< 1.4.10.6
Cisco	Sg300-20 Firmware	< 1.4.10.6
Cisco	Sg300-28 Firmware	< 1.4.10.6
Cisco	Sg300-28p Firmware	< 1.4.10.6
Cisco	Sg300-28pp Firmware	< 1.4.10.6
Cisco	Sg300-28mp Firmware	< 1.4.10.6
Cisco	Sg300-28sfp Firmware	< 1.4.10.6
Cisco	Sg300-52 Firmware	< 1.4.10.6
Cisco	Sg300-52p Firmware	< 1.4.10.6
Cisco	Sg300-52mp Firmware	< 1.4.10.6
Cisco	Sf300-08 Firmware	< 1.4.10.6
Cisco	Sf302-08 Firmware	< 1.4.10.6
Cisco	Sf302-08mp Firmware	< 1.4.10.6
Cisco	Sf302-08p Firmware	< 1.4.10.6
Cisco	Sf302-08pp Firmware	< 1.4.10.6
Cisco	Sf302-08mpp Firmware	< 1.4.10.6
Cisco	Sf300-24 Firmware	< 1.4.10.6
Cisco	Sf300-24p Firmware	< 1.4.10.6
Cisco	Sf300-24mp Firmware	< 1.4.10.6
Cisco	Sf300-24pp Firmware	< 1.4.10.6
Cisco	Sf300-48 Firmware	< 1.4.10.6
Cisco	Sf300-48p Firmware	< 1.4.10.6
Cisco	Sf300-48pp Firmware	< 1.4.10.6
Cisco	Sf500-24 Firmware	< 1.4.10.6
Cisco	Sf500-24p Firmware	< 1.4.10.6
Cisco	Sf500-24mp Firmware	< 1.4.10.6
Cisco	Sf500-48 Firmware	< 1.4.10.6
Cisco	Sf500-48p Firmware	< 1.4.10.6
Cisco	Sf500-48mp Firmware	< 1.4.10.6
Cisco	Sg500-28 Firmware	< 1.4.10.6
Cisco	Sg500-28p Firmware	< 1.4.10.6
Cisco	Sg500-28mpp Firmware	< 1.4.10.6
Cisco	Sg500-52 Firmware	< 1.4.10.6
Cisco	Sg500-52p Firmware	< 1.4.10.6
Cisco	Sg500-52mp Firmware	< 1.4.10.6
Cisco	Sg500x-24 Firmware	< 1.4.10.6

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published: Jul 6, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-1892?

How severe is CVE-2019-1892?

Severity scoring for CVE-2019-1892 is pending analysis. The EPSS model estimates a 1.77% probability of exploitation in the next 30 days.

How do I fix CVE-2019-1892?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1892?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST