CVE-2019-15993

MEDIUM

Cisco Small Business Switches - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15993.

AI-analyzed exploit summary: This exploit targets an information disclosure vulnerability in Dell EMC Networking PC5500 firmware and Cisco Sx/SMB devices. It retrieves SHA1 password hashes from the device's admin user settings and attempts to crack them using a provided password file.

Description

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls for information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

Exploits (1)

exploitdb WORKING POC
python · remote · hardware
https://www.exploit-db.com/exploits/51248


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Dell EMC Networking PC5500 firmware versions 4.1.0.22, Cisco Sx/SMB, Dell X & VRTX, Netgear (Various)
No auth needed
Prerequisites: Network access to the target device · A password file for hash comparison
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.3
EPSS 0.1027
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE: CWE-16, CWE-287
Status: published
Products (50)
cisco/sf200-24_firmware < 1.4.11.4
cisco/sf200-24fp_firmware < 1.4.11.4
cisco/sf200-24p_firmware < 1.4.11.4
cisco/sf200-48_firmware < 1.4.11.4
cisco/sf200-48p_firmware < 1.4.11.4
cisco/sf250-24_firmware < 2.5.0.92
cisco/sf250-24p_firmware < 2.5.0.92
cisco/sf250-48_firmware < 2.5.0.92
cisco/sf250-48hp_firmware < 2.5.0.92
cisco/sf300-08_firmware < 1.4.11.4
... and 40 more
Published Sep 23, 2020
Tracked Since Feb 18, 2026