Information disclosure in Cisco Mobility Services Engine - CVE-2019-1645

 


Published: January 23, 2019 / Updated: January 24, 2019


Vulnerability identifier: #VU17199
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-1645
CWE-ID: CWE-200
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Mobility Services Engine

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to a lack of input and validation checking mechanisms for certain GET requests to APIs. An adjacent attacker can send HTTP GET requests to obtain arbitrary data and use this information to conduct additional reconnaissance attacks.


How to mitigate CVE-2019-1645

Install the update from the vendor's website.

Sources