Sign-up

ID

VAR-201905-0603


CVE

CVE-2019-1851


TITLE

Cisco Identity Services Engine Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004728

DESCRIPTION

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvm81230. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1851 // JVNDB: JVNDB-2019-004728 // BID: 108356 // VULHUB: VHN-150863

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.3\(0.298\)

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.2\(0.470\)

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.4\(0.357\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services enginescope:eqversion:2.4(0.357)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:2.3(0.298)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:2.2(0.470)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:neversion:2.4(0.908)

Trust: 0.3

sources: BID: 108356 // JVNDB: JVNDB-2019-004728 // NVD: CVE-2019-1851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1851
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1851
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1851
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-704
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150863
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1851
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150863
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1851
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1851
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1851
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150863 // JVNDB: JVNDB-2019-004728 // CNNVD: CNNVD-201905-704 // NVD: CVE-2019-1851 // NVD: CVE-2019-1851

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-150863 // JVNDB: JVNDB-2019-004728 // NVD: CVE-2019-1851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-704

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-704

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004728

PATCH
title:cisco-sa-20190515-ise-certcreationurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-ise-certcreation
Trust: 0.8
title:Cisco Identity Services Engine Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92828
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004728 // 
            
            
            
            CNNVD: CNNVD-201905-704

EXTERNAL IDS
db:NVDid:CVE-2019-1851
Trust: 2.8
db:BIDid:108356
Trust: 2.0
db:JVNDBid:JVNDB-2019-004728
Trust: 0.8
db:CNNVDid:CNNVD-201905-704
Trust: 0.7
db:AUSCERTid:ESB-2019.1758
Trust: 0.6
db:VULHUBid:VHN-150863
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150863 // 
            
            
            
            BID: 108356 // 
            
            
            
            JVNDB: JVNDB-2019-004728 // 
            
            
            
            CNNVD: CNNVD-201905-704 // 
            
            
            
            NVD: CVE-2019-1851

REFERENCES
url:http://www.securityfocus.com/bid/108356
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-ise-certcreation
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1851
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1851
Trust: 0.8
url:https://www.auscert.org.au/bulletins/81114
Trust: 0.6
sources:
            
            
            VULHUB: VHN-150863 // 
            
            
            
            BID: 108356 // 
            
            
            
            JVNDB: JVNDB-2019-004728 // 
            
            
            
            CNNVD: CNNVD-201905-704 // 
            
            
            
            NVD: CVE-2019-1851

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108356 // 
            
            
            
            CNNVD: CNNVD-201905-704

SOURCES
db:VULHUBid:VHN-150863
db:BIDid:108356
db:JVNDBid:JVNDB-2019-004728
db:CNNVDid:CNNVD-201905-704
db:NVDid:CVE-2019-1851

LAST UPDATE DATE
2024-08-14T15:18:03.946000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150863date:2020-10-16T00:00:00
db:BIDid:108356date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004728date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-704date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1851date:2020-10-16T15:32:36.437

SOURCES RELEASE DATE
db:VULHUBid:VHN-150863date:2019-05-16T00:00:00
db:BIDid:108356date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004728date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-704date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1851date:2019-05-16T02:29:00.543