Security readout for executives and security teams
Plain-English summary
This flaw can weaken SSH login protection on affected Cisco Small Business 200 Series Smart Switches. If certificate-based client authentication is enabled, an attacker can force SSH to fall back to password authentication. The main business risk is administrative access if devices still use default or weak credentials, exposing network configuration and control.
Executive priority
Treat as high priority for managed network infrastructure, especially internet- or broadly reachable switch management interfaces. Urgency is lower where SSH is restricted, certificate authentication is disabled, and strong non-default credentials are enforced.
Technical view
In affected Cisco Small Business 200 Series Smart Switches software, OpenSSH mishandles SSH authentication, allowing bypass of client-side certificate authentication and fallback to password authentication. Cisco rates it CVSS 3.0 7.2, high severity, with network reachability, low attack complexity, and high confidentiality, integrity, and availability impact.
Likely exposure
Exposure is most likely where affected switches allow SSH access, client-side certificate authentication is enabled, and default or weak administrative passwords remain. The provided bundle identifies Cisco Small Business 200 Series Smart Switches only; broader product impact is not assumed.
Exploitation context
The bundle does not show CISA KEV listing or confirmed active exploitation. Cisco describes exploitation as an SSH connection attempt that causes fallback to password authentication, with administrative access possible if default credentials were not changed.
Researcher notes
The record attributes the issue to OpenSSH authentication handling in Cisco Small Business switch software. Evidence supports authentication downgrade to password auth, not direct password bypass. No workaround is listed, but Cisco recommends disabling client-side certificate authentication and using strong password authentication.
Mitigation direction
- Check Cisco advisory guidance for fixed software or model-specific instructions.
- Disable client-side certificate authentication if it is enabled.
- Use strong, non-default administrative passwords for switch management.
- Restrict SSH management access to trusted administrative networks.
- Inventory affected Cisco Small Business 200 Series switches.
Validation and detection
- Identify deployed Cisco Small Business 200 Series Smart Switches.
- Confirm whether SSH management is enabled and reachable.
- Check whether client-side certificate authentication is enabled.
- Verify default credentials have been changed everywhere.
- Review Cisco advisory status for the installed software version.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-285: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCredential and access behavior lookup
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2019-1859 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.2 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H1.25.9Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
7.2HighVector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- 20190501 Cisco Small Business Switches Secure Shell Certificate Authentication Bypass VulnerabilityCVE reference · vendor-advisory, x_refsource_CISCO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Improper Authorization
Improper Authorization represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
