ID

VAR-201901-0361


CVE

CVE-2019-1658


TITLE

Cisco Unified Intelligence Center Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-001416

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn41579. The platform provides functions such as reporting on business data and a comprehensive display of call center data.

Trust: 1.98

sources: NVD: CVE-2019-1658 // JVNDB: JVNDB-2019-001416 // BID: 106713 // VULHUB: VHN-148740

AFFECTED PRODUCTS

vendor: cisco // model: unified intelligence center // scope: eq // version: 11.6\(1\)

Trust: 1.0

vendor: cisco // model: unified intelligence center // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified intelligence center // scope: eq // version: 11.6(1)

Trust: 0.3

sources: BID: 106713 // JVNDB: JVNDB-2019-001416 // NVD: CVE-2019-1658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1658
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1658
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1658
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-881
value: HIGH

Trust: 0.6

VULHUB: VHN-148740
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1658
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148740
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1658
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1658
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-148740 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658 // NVD: CVE-2019-1658

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-148740 // JVNDB: JVNDB-2019-001416 // NVD: CVE-2019-1658

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001416

PATCH

title: cisco-sa-20190123-uic-csrf // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf

Trust: 0.8

title: Cisco Unified Intelligence Center Fixes for cross-site request forgery vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88946

Trust: 0.6

sources: JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881

EXTERNAL IDS

db: NVD // id: CVE-2019-1658

Trust: 2.8

db: BID // id: 106713

Trust: 2.0

db: JVNDB // id: JVNDB-2019-001416

Trust: 0.8

db: CNNVD // id: CNNVD-201901-881

Trust: 0.7

db: NSFOCUS // id: 43893

Trust: 0.6

db: VULHUB // id: VHN-148740

Trust: 0.1

sources: VULHUB: VHN-148740 // BID: 106713 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658

REFERENCES

url:http://www.securityfocus.com/bid/106713

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-uic-csrf

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1658

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1658

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43893

Trust: 0.6

url:http://www.cisco.com

Trust: 0.3

url:https://software.cisco.com/download/home/282163829/type/282377062/release/12.0%25281%2529

Trust: 0.3

sources: VULHUB: VHN-148740 // BID: 106713 // JVNDB: JVNDB-2019-001416 // CNNVD: CNNVD-201901-881 // NVD: CVE-2019-1658

CREDITS

Cisco. This vulnerability was found during the resolution of a Cisco TAC support case.

Trust: 0.6

sources: CNNVD: CNNVD-201901-881

SOURCES

db: VULHUB // id: VHN-148740
db: BID // id: 106713
db: JVNDB // id: JVNDB-2019-001416
db: CNNVD // id: CNNVD-201901-881
db: NVD // id: CVE-2019-1658

LAST UPDATE DATE

2024-11-23T22:06:21.634000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148740 // date: 2019-10-09T00:00:00
db: BID // id: 106713 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2019-001416 // date: 2019-03-05T00:00:00
db: CNNVD // id: CNNVD-201901-881 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2019-1658 // date: 2024-11-21T04:37:01.980

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148740 // date: 2019-01-24T00:00:00
db: BID // id: 106713 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2019-001416 // date: 2019-03-05T00:00:00
db: CNNVD // id: CNNVD-201901-881 // date: 2019-01-24T00:00:00
db: NVD // id: CVE-2019-1658 // date: 2019-01-24T16:29:00.503