CVE-2019-1917

{"id": "CVE-2019-1917", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-07-17T21:15:11.937", "references": [{"url": "http://www.securityfocus.com/bid/109301", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de la API REST de Vision Dynamic Signage Director de Cisco, podr\u00eda permitir que un atacante remoto no autenticado omita la autenticaci\u00f3n en un sistema afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de las peticiones HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada hacia un sistema afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar acciones arbitrarias por medio de la API REST con privilegios administrativos en el sistema afectado. La API REST est\u00e1 habilitada por defecto y no se puede deshabilitar."}], "lastModified": "2019-10-09T23:48:32.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B205A444-BDE5-4243-81D6-8EAFA0C434BE", "versionEndIncluding": "5.0"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C55ACC2-A3B1-4E1A-833F-88487109EA33", "versionEndIncluding": "6.1", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C3F9C24-A823-464C-B0D7-8433C3EB77A4"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2B415C-18A3-4164-B30F-9444BF53DFAE"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E419201-F41A-41FB-B4A0-AED3B306720C"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB08AC9-C1E2-4026-A733-4440A5D86F9F"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E536AFFE-8C94-4626-9D8E-8E9A3EC5E5EC"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D117D5BE-282C-4FAC-A3F1-096B0B4C8BC2"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD686438-548D-4013-9826-A2F4860E9D90"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:5.0:sp8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9D817B7-CDD6-4B72-AAB0-447BF1215E18"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:6.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6A9C11-7FEF-4716-BFB3-B95CC687970D"}, {"criteria": "cpe:2.3:a:cisco:vision_dynamic_signage_director:6.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5051F39D-30BC-4130-A4C0-348EFF321064"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}