CVE-2019-1940

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/109296	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:industrial_network_director:*:*:*:*:*:*:*:*

History

29 Oct 2021, 19:16

Type	Values Removed	Values Added
CWE	~~CWE-310~~	CWE-295

Information

Published : 2019-07-17 21:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-1940

Mitre link : CVE-2019-1940

CVE.ORG link : CVE-2019-1940

JSON object : View

Products Affected

cisco

industrial_network_director

CWE

CWE-295

Improper Certificate Validation

CWE-310

Cryptographic Issues

{"id": "CVE-2019-1940", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-07-17T21:15:12.250", "references": [{"url": "http://www.securityfocus.com/bid/109296", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Web Services Management Agent (WSMA) de Industrial Network Director (IND) de Cisco, podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso de lectura no autorizado a datos confidenciales utilizando un certificado X.509 no v\u00e1lido. La vulnerabilidad es debido a la comprobaci\u00f3n insuficiente del certificado X.509 al establecer una conexi\u00f3n WSMA. Un atacante podr\u00eda explotar esta vulnerabilidad al proporcionar un certificado X.509 dise\u00f1ado durante la fase de configuraci\u00f3n de la conexi\u00f3n WSMA. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante conducir ataques de tipo man-in-the-middle para descifrar informaci\u00f3n confidencial en las conexiones WSMA en el software afectado. Al momento de la publicaci\u00f3n, esta vulnerabilidad afect\u00f3 al Software IND de Cisco versiones anteriores a 1.7."}], "lastModified": "2021-10-29T19:16:54.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:industrial_network_director:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF14CF11-C330-41C2-B6FB-5833BA9AC1FE", "versionEndExcluding": "1.7"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}