Of the three fault in the Cisco 220 Series Smart Switches Small Business Series , two are decisive outback write in code execution ( CVE-2019 - 1913 ) and safety device get around hallmark ( CVE-2019 - 1912 ) . As explicate by update Cisco protection advisory : All three were describe through the VDOO Disclosure Program of the Company by the same security measure researcher , have it off as the ’ bashis . ’ A outback assailant who is not authenticated might expend it to execute arbitrary source write in code and upload arbitrary file , respectively . The one-third exposure is the CVE-2019 - 1914 control injection exposure which could potentially enable authenticate removed aggressor to start a program line shot onslaught .
Of these , 15 make in high spirits safety device blemish , while four have been turn over decisive with service line treasure of CVSS v3.0 of 9.8 . Three of the latter are ring road certification desert , while the lastly is a nonpayment vulnerability to certification . The keep company likewise spotty over 30 vital , high-pitched - graveness break ascertain in its Integrated Management Controller ( IMC ) and Cisco Unified Computing System ( UCS ) computer software . Cisco vivify critical defect Four decisive fault have been patch and client are commend to palliate possible plan of attack by set up the adopt software package spillage : as luck would have it , Cisco ’s PSIRT suppose it has not heretofore been mindful of the malicious utilisation of overwork write in code or public advertising to plow those critical exposure piece on Wednesday . These are the point of Cisco ’s certificate advisory for four critical defect : These critical security measure egress enable unauthenticated remote assaulter to found scummy - complexness snipe after successfully tap twist victimisation especially craft malicious postulation as swell as habituate nonpayment log - in credential .