Details of VAR-201906-0291

ID

VAR-201906-0291

CVE

CVE-2019-1882

TITLE

Cisco Industrial Network Director Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-005283

DESCRIPTION

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This issue is being tracked by Cisco Bug ID CSCvm22833. The system realizes automatic management through visual operation of industrial Ethernet infrastructure. The vulnerability stems from the lack of correct validation of client data in WEB applications

Trust: 1.98

sources: NVD: CVE-2019-1882 // JVNDB: JVNDB-2019-005283 // BID: 108629 // VULHUB: VHN-151204

AFFECTED PRODUCTS

vendor:	cisco	model:	industrial network director	scope:	eq	version:	1.5\(0.250\)	Trust: 1.0
vendor:	cisco	model:	industrial network director	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	network level service	scope:	eq	version:	1.5(0.250)	Trust: 0.3
vendor:	cisco	model:	industrial network director	scope:	eq	version:	0	Trust: 0.3

sources: BID: 108629 // JVNDB: JVNDB-2019-005283 // NVD: CVE-2019-1882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1882
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1882
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1882
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201906-155
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151204
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-1882
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-151204
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1882
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-151204 // JVNDB: JVNDB-2019-005283 // CNNVD: CNNVD-201906-155 // NVD: CVE-2019-1882 // NVD: CVE-2019-1882

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-151204 // JVNDB: JVNDB-2019-005283 // NVD: CVE-2019-1882

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-155

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201906-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005283

PATCH

title:	cisco-sa-20190605-ind-xss	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-xss	Trust: 0.8
title:	Cisco Industrial Network Director Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93247	Trust: 0.6

sources: JVNDB: JVNDB-2019-005283 // CNNVD: CNNVD-201906-155

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1882	Trust: 2.8
db:	BID	id:	108629	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-005283	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-155	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2025.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2025	Trust: 0.6
db:	VULHUB	id:	VHN-151204	Trust: 0.1

sources: VULHUB: VHN-151204 // BID: 108629 // JVNDB: JVNDB-2019-005283 // CNNVD: CNNVD-201906-155 // NVD: CVE-2019-1882

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-xss	Trust: 2.6
url:	http://www.securityfocus.com/bid/108629	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1882	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1882	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-rce	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-csrf	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2025.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2025/	Trust: 0.6

sources: VULHUB: VHN-151204 // BID: 108629 // JVNDB: JVNDB-2019-005283 // CNNVD: CNNVD-201906-155 // NVD: CVE-2019-1882

CREDITS

Cisco

Trust: 0.9

sources: BID: 108629 // CNNVD: CNNVD-201906-155

SOURCES

db:	VULHUB	id:	VHN-151204
db:	BID	id:	108629
db:	JVNDB	id:	JVNDB-2019-005283
db:	CNNVD	id:	CNNVD-201906-155
db:	NVD	id:	CVE-2019-1882

LAST UPDATE DATE

2024-11-23T22:11:59.972000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151204	date:	2019-10-09T00:00:00
db:	BID	id:	108629	date:	2019-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-005283	date:	2019-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201906-155	date:	2019-06-13T00:00:00
db:	NVD	id:	CVE-2019-1882	date:	2024-11-21T04:37:36.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151204	date:	2019-06-05T00:00:00
db:	BID	id:	108629	date:	2019-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-005283	date:	2019-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201906-155	date:	2019-06-05T00:00:00
db:	NVD	id:	CVE-2019-1882	date:	2019-06-05T17:29:00.710