Main Vulnerability Database SB2019071721

SB2019071721 - Cryptographic issues in Industrial Network Director

Published: July 17, 2019 Updated: July 19, 2019

Security Bulletin ID SB2019071721

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2019-1940)

The vulnerability allows a remote attacker to gain read access to sensitive data on the target system.

The vulnerability exist due to the insufficient X.509 certificate validation when establishing a Web Services Management Agent (WSMA) connection. A remote attacker can supply a crafted X.509 certificate during the WSMA connection setup phase and conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info