Sign-up

ID

VAR-201902-0426


CVE

CVE-2019-1662


TITLE

Cisco Prime Collaboration Assurance Software authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-001949

DESCRIPTION

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the QOVR service with a valid username. A successful exploit could allow the attacker to perform actions with the privileges of the user that is used for access. This vulnerability affects Cisco PCA Software Releases prior to 12.1 SP2. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvj07241. The product supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites, among others. Quality of Voice Reporting is one of the quality voice reporting services

Trust: 1.98

sources: NVD: CVE-2019-1662 // JVNDB: JVNDB-2019-001949 // BID: 107096 // VULHUB: VHN-148784

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaboration assurancescope:eqversion:12.1

Trust: 1.3

vendor:ciscomodel:prime collaboration assurancescope:ltversion:12.1

Trust: 1.0

vendor:ciscomodel:prime collaboration assurancescope:ltversion:12.1 sp2

Trust: 0.8

vendor:ciscomodel:prime collaboration assurance sp2scope:neversion:12.1

Trust: 0.3

sources: BID: 107096 // JVNDB: JVNDB-2019-001949 // NVD: CVE-2019-1662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1662
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1662
value: HIGH

Trust: 1.0

NVD: CVE-2019-1662
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201902-803
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148784
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1662
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148784
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1662
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1662
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-148784 // JVNDB: JVNDB-2019-001949 // CNNVD: CNNVD-201902-803 // NVD: CVE-2019-1662 // NVD: CVE-2019-1662

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-148784 // JVNDB: JVNDB-2019-001949 // NVD: CVE-2019-1662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-803

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201902-803

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001949

PATCH
title:cisco-sa-20190220-pca-accessurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-pca-access
Trust: 0.8
title:Cisco PCA Software Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89597
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001949 // 
            
            
            
            CNNVD: CNNVD-201902-803

EXTERNAL IDS
db:NVDid:CVE-2019-1662
Trust: 2.8
db:BIDid:107096
Trust: 2.0
db:JVNDBid:JVNDB-2019-001949
Trust: 0.8
db:CNNVDid:CNNVD-201902-803
Trust: 0.7
db:AUSCERTid:ESB-2019.0536
Trust: 0.6
db:NSFOCUSid:42803
Trust: 0.6
db:CNVDid:CNVD-2020-12739
Trust: 0.1
db:VULHUBid:VHN-148784
Trust: 0.1
sources:
            
            
            VULHUB: VHN-148784 // 
            
            
            
            BID: 107096 // 
            
            
            
            JVNDB: JVNDB-2019-001949 // 
            
            
            
            CNNVD: CNNVD-201902-803 // 
            
            
            
            NVD: CVE-2019-1662

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-pca-access
Trust: 2.6
url:http://www.securityfocus.com/bid/107096
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1662
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1662
Trust: 0.8
url:http://www.nsfocus.net/vulndb/42803
Trust: 0.6
url:https://www.auscert.org.au/bulletins/75890
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-prime-collaboration-assurance-privilege-escalation-via-authentication-bypass-28575
Trust: 0.6
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-148784 // 
            
            
            
            BID: 107096 // 
            
            
            
            JVNDB: JVNDB-2019-001949 // 
            
            
            
            CNNVD: CNNVD-201902-803 // 
            
            
            
            NVD: CVE-2019-1662

CREDITS
This vulnerability was found during internal security testing.,Cisco,Cisco ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-803

SOURCES
db:VULHUBid:VHN-148784
db:BIDid:107096
db:JVNDBid:JVNDB-2019-001949
db:CNNVDid:CNNVD-201902-803
db:NVDid:CVE-2019-1662

LAST UPDATE DATE
2024-11-23T22:17:07.796000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-148784date:2019-10-09T00:00:00
db:BIDid:107096date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-001949date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201902-803date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1662date:2024-11-21T04:37:02.537

SOURCES RELEASE DATE
db:VULHUBid:VHN-148784date:2019-02-21T00:00:00
db:BIDid:107096date:2019-02-20T00:00:00
db:JVNDBid:JVNDB-2019-001949date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201902-803date:2019-02-20T00:00:00
db:NVDid:CVE-2019-1662date:2019-02-21T17:29:00.773