ID

VAR-201905-0601


CVE

CVE-2019-1860


TITLE

Cisco Unified Intelligence Center Vulnerable to resource insertion

Trust: 0.8

sources: JVNDB: JVNDB-2019-004525

DESCRIPTION

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user's browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user's browser and Cisco Unified Intelligence Center in the context of the malicious gadget. This issue is being tracked by Cisco Bug ID CSCvo98208. The platform provides reports on related business data and a display function for call center data.

Trust: 1.98

sources: NVD: CVE-2019-1860 // JVNDB: JVNDB-2019-004525 // BID: 108354 // VULHUB: VHN-150962

AFFECTED PRODUCTS

vendor: cisco, model: unified intelligence center, scope: eq, version: 12.0(1)

Trust: 1.0

vendor: cisco, model: unified intelligence center, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified intelligence center, scope: eq, version: 12.0(1)

Trust: 0.3

sources: BID: 108354 // JVNDB: JVNDB-2019-004525 // NVD: CVE-2019-1860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1860
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1860
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1860
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-706
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150962
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1860
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150962
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1860
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 4.2
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150962 // JVNDB: JVNDB-2019-004525 // CNNVD: CNNVD-201905-706 // NVD: CVE-2019-1860 // NVD: CVE-2019-1860

PROBLEMTYPE DATA

problemtype:CWE-99

Trust: 1.9

sources: VULHUB: VHN-150962 // JVNDB: JVNDB-2019-004525 // NVD: CVE-2019-1860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-706

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-706

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004525

PATCH

title: cisco-sa-20190515-cuic-cmdinj, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj

Trust: 0.8

title: Cisco Unified Intelligence Center Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92830

Trust: 0.6

sources: JVNDB: JVNDB-2019-004525 // CNNVD: CNNVD-201905-706

EXTERNAL IDS

db: NVD, id: CVE-2019-1860

Trust: 2.8

db: BID, id: 108354

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004525

Trust: 0.8

db: CNNVD, id: CNNVD-201905-706

Trust: 0.7

db: AUSCERT, id: ESB-2019.1751.2

Trust: 0.6

db: VULHUB, id: VHN-150962

Trust: 0.1

sources: VULHUB: VHN-150962 // BID: 108354 // JVNDB: JVNDB-2019-004525 // CNNVD: CNNVD-201905-706 // NVD: CVE-2019-1860

REFERENCES

url:http://www.securityfocus.com/bid/108354

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-cuic-cmdinj

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1860

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-cuic-cmdinj?vs_f=cisco%20security%20advisory&vs_cat=security%20intelligence&vs_type=rss&vs_p=cisco%20unified%20i

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1860

Trust: 0.8

url:https://www.auscert.org.au/bulletins/81086

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1751.2/

Trust: 0.6

sources: VULHUB: VHN-150962 // BID: 108354 // JVNDB: JVNDB-2019-004525 // CNNVD: CNNVD-201905-706 // NVD: CVE-2019-1860

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201905-706

SOURCES

db: VULHUB, id: VHN-150962
db: BID, id: 108354
db: JVNDB, id: JVNDB-2019-004525
db: CNNVD, id: CNNVD-201905-706
db: NVD, id: CVE-2019-1860

LAST UPDATE DATE

2024-08-14T15:07:41.605000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150962, date: 2019-05-17T00:00:00
db: BID, id: 108354, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004525, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-706, date: 2019-06-10T00:00:00
db: NVD, id: CVE-2019-1860, date: 2019-05-17T06:29:00.253

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150962, date: 2019-05-16T00:00:00
db: BID, id: 108354, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004525, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-706, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1860, date: 2019-05-16T02:29:00.717