ID

VAR-201905-0236


CVE

CVE-2019-1717


TITLE

Cisco Video Surveillance Manager Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-004533 // CNNVD: CNNVD-201905-639

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information. Cisco Video Surveillance Manager contains a path traversal vulnerability. Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvo47618. Cisco Video Surveillance Manager provides a browser-based user interface primarily for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths.

Trust: 1.98

sources: NVD: CVE-2019-1717 // JVNDB: JVNDB-2019-004533 // BID: 108336 // VULHUB: VHN-149389

AFFECTED PRODUCTS

vendor: cisco, model: video surveillance manager, scope: eq, version: 7.21

Trust: 1.0

vendor: cisco, model: video surveillance manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: video surveillance manager, scope: eq, version: 7.12

Trust: 0.3

vendor: cisco, model: video surveillance manager, scope: ne, version: 7.12.1

Trust: 0.3

sources: BID: 108336 // JVNDB: JVNDB-2019-004533 // NVD: CVE-2019-1717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1717
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1717
value: HIGH

Trust: 1.0

NVD: CVE-2019-1717
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-639
value: HIGH

Trust: 0.6

VULHUB: VHN-149389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1717
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149389
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1717
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-149389 // JVNDB: JVNDB-2019-004533 // CNNVD: CNNVD-201905-639 // NVD: CVE-2019-1717 // NVD: CVE-2019-1717

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-149389 // JVNDB: JVNDB-2019-004533 // NVD: CVE-2019-1717

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-639

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201905-639

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004533

PATCH

title: cisco-sa-20190515-cvsm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm

Trust: 0.8

title: Cisco Video Surveillance Manager Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92765

Trust: 0.6

sources: JVNDB: JVNDB-2019-004533 // CNNVD: CNNVD-201905-639

EXTERNAL IDS

db: NVD, id: CVE-2019-1717

Trust: 2.8

db: BID, id: 108336

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004533

Trust: 0.8

db: CNNVD, id: CNNVD-201905-639

Trust: 0.7

db: AUSCERT, id: ESB-2019.1750

Trust: 0.6

db: VULHUB, id: VHN-149389

Trust: 0.1

sources: VULHUB: VHN-149389 // BID: 108336 // JVNDB: JVNDB-2019-004533 // CNNVD: CNNVD-201905-639 // NVD: CVE-2019-1717

REFERENCES

url:http://www.securityfocus.com/bid/108336

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-cvsm

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1717

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1717

Trust: 0.8

url:https://www.auscert.org.au/bulletins/81082

Trust: 0.6

sources: VULHUB: VHN-149389 // BID: 108336 // JVNDB: JVNDB-2019-004533 // CNNVD: CNNVD-201905-639 // NVD: CVE-2019-1717

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108336 // CNNVD: CNNVD-201905-639

SOURCES

db: VULHUB, id: VHN-149389
db: BID, id: 108336
db: JVNDB, id: JVNDB-2019-004533
db: CNNVD, id: CNNVD-201905-639
db: NVD, id: CVE-2019-1717

LAST UPDATE DATE

2024-11-23T23:01:50.556000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149389, date: 2019-10-09T00:00:00
db: BID, id: 108336, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004533, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-639, date: 2019-05-17T00:00:00
db: NVD, id: CVE-2019-1717, date: 2024-11-21T04:37:10.113

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149389, date: 2019-05-15T00:00:00
db: BID, id: 108336, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004533, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-639, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1717, date: 2019-05-15T17:29:01.407