CVE-2019-1860

{"id": "CVE-2019-1860", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}]}, "published": "2019-05-16T02:29:00.717", "references": [{"url": "http://www.securityfocus.com/bid/108354", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-99"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-99"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento en dashboard gadget rendering de Cisco Unified Intelligence Center, podr\u00eda permitir que un atacante remoto no autorizado obtenga o manipule informaci\u00f3n confidencial entre el navegador de un usuario y el Centro de Inteligencia Unificada de Cisco. La vulnerabilidad es debido a la falta de comprobaci\u00f3n del gadget. Un atacante podr\u00eda explotar esta vulnerabilidad al forzar a un usuario a cargar un gadget malicioso. Una explotaci\u00f3n con exito podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial, como las credenciales de usuario actuales, o manipular los datos entre el navegador del usuario y el Centro de Inteligencia Unificada de Cisco en el contexto del dispositivo malicioso."}], "lastModified": "2019-05-17T06:29:00.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}