ID

VAR-201902-0454


CVE

CVE-2019-1688


TITLE

Cisco Network Assurance Engine Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-001961

DESCRIPTION

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). An attacker with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvo18229. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Trust: 1.98

sources: NVD: CVE-2019-1688 // JVNDB: JVNDB-2019-001961 // BID: 107010 // VULHUB: VHN-149070

AFFECTED PRODUCTS

vendor: cisco, model: network assurance engine, scope: eq, version: 3.0(1)

Trust: 1.1

vendor: cisco, model: network assurance engine, scope: eq, version: 3.0\(1\)

Trust: 1.0

vendor: cisco, model: network assurance engine 3.0, scope: ne, version: -

Trust: 0.3

sources: BID: 107010 // JVNDB: JVNDB-2019-001961 // NVD: CVE-2019-1688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1688
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1688
value: HIGH

Trust: 1.0

NVD: CVE-2019-1688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-506
value: HIGH

Trust: 0.6

VULHUB: VHN-149070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1688
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149070
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1688
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1688
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2019-1688
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149070 // JVNDB: JVNDB-2019-001961 // CNNVD: CNNVD-201902-506 // NVD: CVE-2019-1688 // NVD: CVE-2019-1688

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.9

sources: VULHUB: VHN-149070 // JVNDB: JVNDB-2019-001961 // NVD: CVE-2019-1688

THREAT TYPE

local

Trust: 0.9

sources: BID: 107010 // CNNVD: CNNVD-201902-506

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201902-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001961

PATCH

title: cisco-sa-20190212-nae-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos

Trust: 0.8

sources: JVNDB: JVNDB-2019-001961

EXTERNAL IDS

db: NVD, id: CVE-2019-1688

Trust: 2.8

db: BID, id: 107010

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001961

Trust: 0.8

db: CNNVD, id: CNNVD-201902-506

Trust: 0.7

db: AUSCERT, id: ESB-2019.0448

Trust: 0.6

db: VULHUB, id: VHN-149070

Trust: 0.1

sources: VULHUB: VHN-149070 // BID: 107010 // JVNDB: JVNDB-2019-001961 // CNNVD: CNNVD-201902-506 // NVD: CVE-2019-1688

REFERENCES

url: http://www.securityfocus.com/bid/107010

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190212-nae-dos

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1688

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1688

Trust: 0.8

url: https://www.auscert.org.au/bulletins/75502

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149070 // BID: 107010 // JVNDB: JVNDB-2019-001961 // CNNVD: CNNVD-201902-506 // NVD: CVE-2019-1688

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201902-506

SOURCES

db: VULHUB, id: VHN-149070
db: BID, id: 107010
db: JVNDB, id: JVNDB-2019-001961
db: CNNVD, id: CNNVD-201902-506
db: NVD, id: CVE-2019-1688

LAST UPDATE DATE

2024-11-23T22:45:06.241000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149070, date: 2019-10-09T00:00:00
db: BID, id: 107010, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-001961, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-506, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1688, date: 2024-11-21T04:37:06.197

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149070, date: 2019-02-12T00:00:00
db: BID, id: 107010, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-001961, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-506, date: 2019-02-12T00:00:00
db: NVD, id: CVE-2019-1688, date: 2019-02-12T19:29:00.247