ID

VAR-201901-0365


CVE

CVE-2019-1645


TITLE

Cisco Connected Mobile Experiences vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-001428

DESCRIPTION

A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks. Cisco Connected Mobile Experiences (CMX) contains an information disclosure vulnerability. Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvm53119.

Trust: 1.98

sources: NVD: CVE-2019-1645 // JVNDB: JVNDB-2019-001428 // BID: 106701 // VULHUB: VHN-148597

AFFECTED PRODUCTS

vendor: cisco // model: connected mobile experiences // scope: eq // version: 10.2(1.0)

Trust: 1.0

vendor: cisco // model: connected mobile experiences // scope: - // version: -

Trust: 0.8

vendor: cisco // model: mobility services engine // scope: eq // version: 10.2(1.0)

Trust: 0.3

vendor: cisco // model: connected mobile experiences // scope: eq // version: 0

Trust: 0.3

sources: BID: 106701 // JVNDB: JVNDB-2019-001428 // NVD: CVE-2019-1645

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1645
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1645
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1645
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-874
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148597
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1645
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148597
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1645
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-148597 // JVNDB: JVNDB-2019-001428 // CNNVD: CNNVD-201901-874 // NVD: CVE-2019-1645 // NVD: CVE-2019-1645

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-148597 // JVNDB: JVNDB-2019-001428 // NVD: CVE-2019-1645

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-874

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-874

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001428

PATCH

title: cisco-sa-20190123-cmx-info-discl // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl

Trust: 0.8

title: Cisco Connected Mobile Experiences Software Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88953

Trust: 0.6

sources: JVNDB: JVNDB-2019-001428 // CNNVD: CNNVD-201901-874

EXTERNAL IDS

db: NVD // id: CVE-2019-1645

Trust: 2.8

db: BID // id: 106701

Trust: 2.0

db: JVNDB // id: JVNDB-2019-001428

Trust: 0.8

db: CNNVD // id: CNNVD-201901-874

Trust: 0.7

db: NSFOCUS // id: 43866

Trust: 0.6

db: VULHUB // id: VHN-148597

Trust: 0.1

sources: VULHUB: VHN-148597 // BID: 106701 // JVNDB: JVNDB-2019-001428 // CNNVD: CNNVD-201901-874 // NVD: CVE-2019-1645

REFERENCES

url:http://www.securityfocus.com/bid/106701

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-cmx-info-discl

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1645

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1645

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43866

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148597 // BID: 106701 // JVNDB: JVNDB-2019-001428 // CNNVD: CNNVD-201901-874 // NVD: CVE-2019-1645

CREDITS

Cisco would like to thank Security Consultant Dan (Idan) Taler of Content Security Australia for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201901-874

SOURCES

db: VULHUB // id: VHN-148597
db: BID // id: 106701
db: JVNDB // id: JVNDB-2019-001428
db: CNNVD // id: CNNVD-201901-874
db: NVD // id: CVE-2019-1645

LAST UPDATE DATE

2024-11-23T23:01:57.573000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148597 // date: 2019-10-09T00:00:00
db: BID // id: 106701 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2019-001428 // date: 2019-03-05T00:00:00
db: CNNVD // id: CNNVD-201901-874 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2019-1645 // date: 2024-11-21T04:37:00.100

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148597 // date: 2019-01-24T00:00:00
db: BID // id: 106701 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2019-001428 // date: 2019-03-05T00:00:00
db: CNNVD // id: CNNVD-201901-874 // date: 2019-01-24T00:00:00
db: NVD // id: CVE-2019-1645 // date: 2019-01-24T15:29:00.453