How severe is CVE-2019-1859?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-1859?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-1859 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.

Related Vulnerabilities

CVE-2015-3656

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authoriz...

CWE-2852015

CVE-2016-10848

HIGH

CVSS:7.2(High)

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).

CWE-2852016

CVE-2017-12160

HIGH

CVSS:7.2(High)

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission rev...

CWE-2852017

CVE-2017-8777

HIGH

CVSS:7.2(High)

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

CWE-2852017

CVE-2018-14666

HIGH

CVSS:7.2(High)

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organizat...

CWE-2852018

CVE-2019-7479

HIGH

CVSS:7.2(High)

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6...

CWE-2852019