ID

VAR-201905-0580


CVE

CVE-2019-1692


TITLE

Cisco Application Policy Infrastructure Controller Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 108155 // CNNVD: CNNVD-201905-011

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvn09869. This vulnerability stems from configuration errors in network systems or products during operation.

Trust: 2.07

sources: NVD: CVE-2019-1692 // JVNDB: JVNDB-2019-004365 // BID: 108155 // VULHUB: VHN-149114 // VULMON: CVE-2019-1692

AFFECTED PRODUCTS

vendor: cisco, model: application policy infrastructure controller, scope: lt, version: 4.1\(1i\)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 8.3\(1\)s6

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: application policy infrastructure controller 8.3 s6, scope: -, version: -

Trust: 0.3

vendor: cisco, model: application policy infrastructure controller 4.1, scope: -, version: -

Trust: 0.3

sources: BID: 108155 // JVNDB: JVNDB-2019-004365 // NVD: CVE-2019-1692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1692
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1692
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1692
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-011
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149114
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1692
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1692
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149114
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1692
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1692
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-149114 // VULMON: CVE-2019-1692 // JVNDB: JVNDB-2019-004365 // CNNVD: CNNVD-201905-011 // NVD: CVE-2019-1692 // NVD: CVE-2019-1692

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-311

Trust: 1.1

sources: VULHUB: VHN-149114 // JVNDB: JVNDB-2019-004365 // NVD: CVE-2019-1692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-011

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-011

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004365

PATCH

title: cisco-sa-20190501-apic-info-disc, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-apic-info-disc

Trust: 0.8

title: Cisco Application Policy Infrastructure Controller Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92162

Trust: 0.6

title: Cisco: Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-apic-info-disc

Trust: 0.1

title: -, url: https://github.com/ExpLangcn/FuYao-Go

Trust: 0.1

sources: VULMON: CVE-2019-1692 // JVNDB: JVNDB-2019-004365 // CNNVD: CNNVD-201905-011

EXTERNAL IDS

db: NVD, id: CVE-2019-1692

Trust: 2.9

db: BID, id: 108155

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004365

Trust: 0.8

db: CNNVD, id: CNNVD-201905-011

Trust: 0.7

db: AUSCERT, id: ESB-2019.1518.2

Trust: 0.6

db: VULHUB, id: VHN-149114

Trust: 0.1

db: VULMON, id: CVE-2019-1692

Trust: 0.1

sources: VULHUB: VHN-149114 // VULMON: CVE-2019-1692 // BID: 108155 // JVNDB: JVNDB-2019-004365 // CNNVD: CNNVD-201905-011 // NVD: CVE-2019-1692

REFERENCES

url:http://www.securityfocus.com/bid/108155

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-apic-info-disc

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1692

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1692

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-apic-priv-escalation

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80110

Trust: 0.6

sources: VULHUB: VHN-149114 // BID: 108155 // JVNDB: JVNDB-2019-004365 // CNNVD: CNNVD-201905-011 // NVD: CVE-2019-1692

CREDITS

Felix Wallaschek of Detack GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201905-011

SOURCES

db: VULHUB, id: VHN-149114
db: VULMON, id: CVE-2019-1692
db: BID, id: 108155
db: JVNDB, id: JVNDB-2019-004365
db: CNNVD, id: CNNVD-201905-011
db: NVD, id: CVE-2019-1692

LAST UPDATE DATE

2024-11-23T22:33:55.776000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149114, date: 2020-10-07T00:00:00
db: VULMON, id: CVE-2019-1692, date: 2020-10-07T00:00:00
db: BID, id: 108155, date: 2019-05-01T00:00:00
db: JVNDB, id: JVNDB-2019-004365, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-011, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1692, date: 2024-11-21T04:37:06.760

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149114, date: 2019-05-03T00:00:00
db: VULMON, id: CVE-2019-1692, date: 2019-05-03T00:00:00
db: BID, id: 108155, date: 2019-05-01T00:00:00
db: JVNDB, id: JVNDB-2019-004365, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201905-011, date: 2019-05-01T00:00:00
db: NVD, id: CVE-2019-1692, date: 2019-05-03T15:29:00.900