ID

VAR-201904-0432


CVE

CVE-2019-1841


TITLE

Cisco DNA Center Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003527

DESCRIPTION

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. Cisco DNA Center contains an input validation vulnerability. Information may be obtained and information may be altered. Cisco DNA Center Software is prone to an access-bypass vulnerability. This issue is being tracked by Cisco Bug CSCvj93985. The solution scales and protects devices, applications, and more within the network.

Trust: 1.98

sources: NVD: CVE-2019-1841 // JVNDB: JVNDB-2019-003527 // BID: 108084 // VULHUB: VHN-150753

AFFECTED PRODUCTS

vendor: cisco, model: dna center, scope: lt, version: 1.2.5

Trust: 1.8

vendor: cisco, model: dna center, scope: eq, version: 0

Trust: 0.3

sources: BID: 108084 // JVNDB: JVNDB-2019-003527 // NVD: CVE-2019-1841

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1841
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1841
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1841
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-840
value: HIGH

Trust: 0.6

VULHUB: VHN-150753
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1841
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150753
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1841
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1841
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-150753 // JVNDB: JVNDB-2019-003527 // CNNVD: CNNVD-201904-840 // NVD: CVE-2019-1841 // NVD: CVE-2019-1841

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-441

Trust: 1.0

sources: VULHUB: VHN-150753 // JVNDB: JVNDB-2019-003527 // NVD: CVE-2019-1841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-840

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108084 // CNNVD: CNNVD-201904-840

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003527

PATCH

title: cisco-sa-20190417-swim-proxy, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy

Trust: 0.8

title: Cisco Digital Network Architecture Center Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91674

Trust: 0.6

sources: JVNDB: JVNDB-2019-003527 // CNNVD: CNNVD-201904-840

EXTERNAL IDS

db: NVD, id: CVE-2019-1841

Trust: 2.8

db: BID, id: 108084

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003527

Trust: 0.8

db: CNNVD, id: CNNVD-201904-840

Trust: 0.7

db: AUSCERT, id: ESB-2019.1335

Trust: 0.6

db: VULHUB, id: VHN-150753

Trust: 0.1

sources: VULHUB: VHN-150753 // BID: 108084 // JVNDB: JVNDB-2019-003527 // CNNVD: CNNVD-201904-840 // NVD: CVE-2019-1841

REFERENCES

url:http://www.securityfocus.com/bid/108084

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-swim-proxy

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1841

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1841

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79314

Trust: 0.6

sources: VULHUB: VHN-150753 // BID: 108084 // JVNDB: JVNDB-2019-003527 // CNNVD: CNNVD-201904-840 // NVD: CVE-2019-1841

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108084

SOURCES

db: VULHUB, id: VHN-150753
db: BID, id: 108084
db: JVNDB, id: JVNDB-2019-003527
db: CNNVD, id: CNNVD-201904-840
db: NVD, id: CVE-2019-1841

LAST UPDATE DATE

2024-11-23T22:55:37.757000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150753, date: 2019-10-09T00:00:00
db: BID, id: 108084, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003527, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-840, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-1841, date: 2024-11-21T04:37:30.627

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150753, date: 2019-04-18T00:00:00
db: BID, id: 108084, date: 2019-04-17T00:00:00
db: JVNDB, id: JVNDB-2019-003527, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-840, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-1841, date: 2019-04-18T02:29:06.123