CVE-2016-1472

Published: Sep 2, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.

Affected (3)

Products: Cisco: Small Business 220 Series Smart Plus Switches

1 product

Small Business 220 Series Smart Plus Switches

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.17
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.18
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.19

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92707

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036724

Source: psirt@cisco.com

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf

Source: psirt@cisco.com

Third Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92707

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036724

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.