CVE-2019-1917

Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

CVSS 9.1 CRITICALEPSS 5.3%CWE-287

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.1EPSS 5.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 jul 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Produtos afetados

Cisco · Cisco Vision Dynamic Signage Director

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth http://www.securityfocus.com/bid/109301