Details of VAR-201901-0361

ID

VAR-201901-0361

CVE

CVE-2019-1658

TITLE

Cisco Unified Intelligence Center Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-001416

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn41579. The platform provides functions such as report-related business data and comprehensive display of call center data

Trust: 1.98

sources: NVD: CVE-2019-1658 // JVNDB: JVNDB-2019-001416 // BID: 106713 // VULHUB: VHN-148740

AFFECTED PRODUCTS

vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	11.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	11.6(1)	Trust: 0.3

sources: BID: 106713 // JVNDB: JVNDB-2019-001416 // NVD: CVE-2019-1658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1658
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1658
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1658
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-881
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148740
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1658
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148740
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1658
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1658
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-148740 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658 // NVD: CVE-2019-1658

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-148740 // JVNDB: JVNDB-2019-001416 // NVD: CVE-2019-1658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001416

PATCH

title:	cisco-sa-20190123-uic-csrf	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf	Trust: 0.8
title:	Cisco Unified Intelligence Center Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88946	Trust: 0.6

sources: JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1658	Trust: 2.8
db:	BID	id:	106713	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001416	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-881	Trust: 0.7
db:	NSFOCUS	id:	43893	Trust: 0.6
db:	VULHUB	id:	VHN-148740	Trust: 0.1

sources: VULHUB: VHN-148740 // BID: 106713 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658

REFERENCES

url:	http://www.securityfocus.com/bid/106713	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-uic-csrf	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1658	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1658	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43893	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3
url:	https://software.cisco.com/download/home/282163829/type/282377062/release/12.0%25281%2529	Trust: 0.3

sources: VULHUB: VHN-148740 // BID: 106713 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658

CREDITS

Cisco,This vulnerability was found during the resolution of a Cisco TAC support case.

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

SOURCES

db:	VULHUB	id:	VHN-148740
db:	BID	id:	106713
db:	JVNDB	id:	JVNDB-2019-001416
db:	CNNVD	id:	CNNVD-201901-881
db:	NVD	id:	CVE-2019-1658

LAST UPDATE DATE

2024-08-14T14:45:30.346000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148740	date:	2019-10-09T00:00:00
db:	BID	id:	106713	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001416	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-881	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1658	date:	2019-10-09T23:47:38.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148740	date:	2019-01-24T00:00:00
db:	BID	id:	106713	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001416	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-881	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-1658	date:	2019-01-24T16:29:00.503