Lucene search

CiscoCVELIST:CVE-2019-16004

HistorySep 23, 2020 - 12:26 a.m.

CVE-2019-16004 Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

2020-09-2300:26:50

CWE-306

cisco

www.cve.org

cisco vision dynamic signage director

authentication bypass

rest api

remote attacker

missing authentication

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

CNA Affected

[
  {
    "product": "Cisco Vision Dynamic Signage Director",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

Related for CVELIST:CVE-2019-16004