Lucene search

[email protected]CVE-2019-1976

HistorySep 05, 2019 - 2:15 a.m.

CVE-2019-1976

2019-09-0502:15:13

CWE-200

[email protected]

web.nvd.nist.gov

113

cisco

ind

vulnerability

unauthorized access

sensitive information

cve-2019-1976

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

Affected configurations

NVD

Node

ciscoindustrial_network_directorRange<1.6.0

cisconetwork_level_serviceMatch1.6\(0.369\)

CPENameOperatorVersion
cisco:industrial_network_directorcisco industrial network directorlt1.6.0
cisco:network_level_servicecisco network level serviceeq1.6\(0.369\)

CPE	Name	Operator	Version
cisco:industrial_network_director	cisco industrial network director	lt	1.6.0
cisco:network_level_service	cisco network level service	eq	1.6\(0.369\)

CNA Affected

[
  {
    "product": "Cisco Industrial Network Director ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for CVE-2019-1976

nvd1 prion1 cisco1 cvelist1