Main Vulnerability Database Vulnerabilities #VU17199

#VU17199 Information disclosure in Cisco Mobility Services Engine - CVE-2019-1645

Published: January 23, 2019 / Updated: January 24, 2019

Vulnerability identifier: #VU17199

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1645

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco Mobility Services Engine

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to a lack of input and validation checking mechanisms for certain GET requests to API's. An adjacent attacker can send HTTP GET requests obtain arbitrary data and use this information to conduct additional reconnaissance attacks.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-dis...

#VU17199 Information disclosure in Cisco Mobility Services Engine - CVE-2019-1645

Description

Remediation

External links

Please verify you're human