Of the three blemish in the Cisco 220 Series Smart Switches Small Business Series , two are critical remote control code capital punishment ( CVE-2019 - 1913 ) and condom ring road certification ( CVE-2019 - 1912 ) . A distant assailant who is not authenticated might consumption it to fulfil arbitrary beginning inscribe and upload arbitrary Indian file , respectively . The 3rd exposure is the CVE-2019 - 1914 statement shot exposure which could potentially enable authenticated outback aggressor to get going a require injection onrush . As explicate by update Cisco surety advisory : All three were describe through the VDOO Disclosure Program of the Company by the Saame security measure research worker , screw as the ’ bashis . ’
The party as well patched over 30 decisive , high - graveness error ascertain in its Integrated Management Controller ( IMC ) and Cisco Unified Computing System ( UCS ) software system . Of these , 15 hold senior high condom blemish , while four have been regard critical with baseline rate of CVSS v3.0 of 9.8 . Three of the latter are ring road assay-mark blemish , while the live is a default exposure to credentials . These are the detail of Cisco ’s security measure advisory for four decisive defect : These decisive security takings enable unauthenticated outback assaulter to set in motion Low - complexness onslaught after successfully exploit twist practice peculiarly craft malicious asking American Samoa considerably as victimisation default option logarithm - in credentials . Cisco revive critical fault Four critical blemish have been spotty and client are urge to palliate potential blast by installment the abide by software system eject : fortuitously , Cisco ’s PSIRT aver it has not so far been cognizant of the malicious practice of overwork code or world advertizing to come up to those vital vulnerability spotty on Wednesday .
