CVE-2019-19632
Description
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the context of authenticated administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated stored XSS in Big Switch products allows attackers to execute JavaScript in admin contexts, leading to full system compromise.
Vulnerability
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker can inject stored arbitrary JavaScript (cross-site scripting) that is executed in the context of authenticated administrators [1]. The vulnerability is classified as high severity [1].
Exploitation
An unauthenticated attacker can inject the malicious script without requiring any prior authentication or special network access. The injected script is stored by the application, and subsequently served to authenticated administrators when they view the affected pages. The attacker does not need to be on the same network segment or have any privileged position. The exploitation requires no user interaction beyond the administrator viewing the infected page [1].
Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary JavaScript in the context of an authenticated administrator. This can lead to full administrative access to the Big Monitoring Fabric application and, due to the nature of the application, SSH console access to the underlying system. The attacker can effectively take complete control of the affected appliance [1].
Mitigation
The vendor released patched versions: Big Monitoring Fabric 6.2.4, 6.3.9, 7.0.3, 7.1.4; Big Cloud Fabric 4.5.5, 4.7.7, 5.0.1, 5.1.4; and Multi-Cloud Director 1.1.0 [1]. Users should upgrade to these versions or later. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Big Switch/Big Monitoring Fabric
- Range: <=1.1.0
- Range: >=6.2, <=6.2.4, >=6.3, <=6.3.9, >=7.0, <=7.0.3, >=7.1, <=7.1.3
- Range: >=4.5, <=4.5.5, >=4.7, <=4.7.7, >=5.0, <=5.0.1, >=5.1, <=5.1.4
Patches
No patches discovered yet.
References
- know.bishopfox.com/advisories (mitre, x_refsource_MISC)
- know.bishopfox.com/advisories/big-monitoring-fabric (mitre, x_refsource_MISC)