Main Vulnerability Database Vulnerabilities #VU19247

SQL injection in Cisco Identity Services Engine (ISE) - CVE-2019-1942

Published: July 18, 2019

Vulnerability identifier: #VU19247

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-1942

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Identity Services Engine (ISE)

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web interface. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database, modify entries in some database tables and affect the integrity of the data.

How to mitigate CVE-2019-1942

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-sql-inject

SQL injection in Cisco Identity Services Engine (ISE) - CVE-2019-1942

Detailed vulnerability description

How to mitigate CVE-2019-1942

Sources

Please verify you're human