Main Vulnerability Database Vulnerabilities #VU19248

Improper Authentication in Cisco Vision Dynamic Signage Director - CVE-2019-1917

Published: July 18, 2019

Vulnerability identifier: #VU19248

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-1917

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Vision Dynamic Signage Director

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient validation of HTTP requests in the REST API interface. A remote attacker can send a crafted HTTP request to an affected system, bypass authentication process, gain unauthorized access to the application and execute arbitrary actions through the REST API with administrative privileges on the affected system.

How to mitigate CVE-2019-1917

Install updates from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Improper Authentication in Cisco Vision Dynamic Signage Director - CVE-2019-1917

Detailed vulnerability description

How to mitigate CVE-2019-1917

Sources

Please verify you're human