Main Vulnerability Database Vulnerabilities #VU17840

#VU17840 Man-in-the-Middle (MitM) attack in Cisco Prime Infrastructure - CVE-2019-1659

Published: February 22, 2019

Vulnerability identifier: #VU17840

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1659

CWE-ID: CWE-300

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Prime Infrastructure

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to conduct man-in-the-middle attack.

The vulnerability exists in the Identity Services Engine (ISE) integration feature due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. A remote attacker can use a specially crafted SSL certificate, intercept communications between the ISE and PI and view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation

#VU17840 Man-in-the-Middle (MitM) attack in Cisco Prime Infrastructure - CVE-2019-1659

Description

Remediation

External links

Please verify you're human