Main Vulnerability Database SB2019090510

SB2019090510 - Improper access restrictions in Cisco Industrial Network Director

Published: September 5, 2019

Security Bulletin ID SB2019090510

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2019-1976)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the “plug-and-play” services component due to improper access restrictions on the web-based management interface. A remote attacker can send a specially crafted HTTP request to the target device and gain access to the running configuration information about devices managed by the IND, including administrative credentials.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind