CVE-2019-16004

Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

CVSS 6.5 MEDIUMEPSS 1.0%CWE-306

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

23 set 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Produtos afetados

Cisco · Cisco Vision Dynamic Signage Director

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass