Main Vulnerability Database Vulnerabilities #VU19248

#VU19248 Improper Authentication in Cisco Vision Dynamic Signage Director - CVE-2019-1917

Published: July 18, 2019

Vulnerability identifier: #VU19248

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-1917

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Vision Dynamic Signage Director

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient validation of HTTP requests in the REST API interface. A remote attacker can send a crafted HTTP request to an affected system, bypass authentication process, gain unauthorized access to the application and execute arbitrary actions through the REST API with administrative privileges on the affected system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

#VU19248 Improper Authentication in Cisco Vision Dynamic Signage Director - CVE-2019-1917

Description

Remediation

External links

Please verify you're human