Vulnerability Description
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | 300 Series Managed Switch Firmware | 1.4.1 |
| Cisco | Sf300-08 | All versions |
| Cisco | Sf300-24 | All versions |
| Cisco | Sf300-24Mp | All versions |
| Cisco | Sf300-24P | All versions |
| Cisco | Sf300-24Pp | All versions |
| Cisco | Sf300-48 | All versions |
| Cisco | Sf300-48P | All versions |
| Cisco | Sf300-48Pp | All versions |
| Cisco | Sf302-08 | All versions |
| Cisco | Sf302-08Mp | All versions |
| Cisco | Sf302-08Mpp | All versions |
| Cisco | Sf302-08P | All versions |
| Cisco | Sf302-08Pp | All versions |
| Cisco | Sg300-10 | All versions |
| Cisco | Sg300-10Mp | All versions |
| Cisco | Sg300-10Mpp | All versions |
| Cisco | Sg300-10P | All versions |
| Cisco | Sg300-10Pp | All versions |
| Cisco | Sg300-10Sfp | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20 (Vendor Advisory)
FAQ
What is CVE-2016-1299?
CVE-2016-1299 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw8717...
How severe is CVE-2016-1299?
CVE-2016-1299 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-1299?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco 300 Series Managed Switch Firmware, Cisco Sf300-08, Cisco Sf300-24, Cisco Sf300-24Mp, Cisco Sf300-24P.