ID

VAR-201906-0298


CVE

CVE-2019-1874


TITLE

Cisco Prime Service Catalog Software cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005629

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvp02883. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources.

Trust: 1.98

sources: NVD: CVE-2019-1874 // JVNDB: JVNDB-2019-005629 // BID: 108861 // VULHUB: VHN-151116

AFFECTED PRODUCTS

vendor: cisco, model: prime service catalog, scope: eq, version: 12.1

Trust: 1.3

vendor: cisco, model: prime service catalog, scope: eq, version: 12.0

Trust: 1.3

vendor: cisco, model: prime service catalog, scope: eq, version: 11.0

Trust: 1.3

vendor: cisco, model: prime service catalog, scope: eq, version: 11.1

Trust: 1.0

vendor: cisco, model: prime service catalog, scope: -, version: -

Trust: 0.8

vendor: cisco, model: prime service catalog, scope: eq, version: 11.1.1

Trust: 0.3

vendor: cisco, model: prime service catalog patch, scope: ne, version: 12.1v10

Trust: 0.3

sources: BID: 108861 // JVNDB: JVNDB-2019-005629 // NVD: CVE-2019-1874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1874
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1874
value: HIGH

Trust: 1.0

NVD: CVE-2019-1874
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-792
value: HIGH

Trust: 0.6

VULHUB: VHN-151116
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1874
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151116
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1874
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-151116 // JVNDB: JVNDB-2019-005629 // CNNVD: CNNVD-201906-792 // NVD: CVE-2019-1874 // NVD: CVE-2019-1874

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-151116 // JVNDB: JVNDB-2019-005629 // NVD: CVE-2019-1874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-792

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201906-792

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005629

PATCH

title: cisco-sa-20190619-psc-csrf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-psc-csrf

Trust: 0.8

title: Cisco Prime Service Catalog Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93942

Trust: 0.6

sources: JVNDB: JVNDB-2019-005629 // CNNVD: CNNVD-201906-792

EXTERNAL IDS

db: NVD, id: CVE-2019-1874

Trust: 2.8

db: BID, id: 108861

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005629

Trust: 0.8

db: CNNVD, id: CNNVD-201906-792

Trust: 0.7

db: AUSCERT, id: ESB-2019.2189

Trust: 0.6

db: AUSCERT, id: ESB-2019.2189.2

Trust: 0.6

db: VULHUB, id: VHN-151116

Trust: 0.1

sources: VULHUB: VHN-151116 // BID: 108861 // JVNDB: JVNDB-2019-005629 // CNNVD: CNNVD-201906-792 // NVD: CVE-2019-1874

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-psc-csrf

Trust: 2.0

url:http://www.securityfocus.com/bid/108861

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1874

Trust: 1.4

url:http://www.cisco.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1874

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-psc-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-prime-privescal

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2189.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2189/

Trust: 0.6

sources: VULHUB: VHN-151116 // BID: 108861 // JVNDB: JVNDB-2019-005629 // CNNVD: CNNVD-201906-792 // NVD: CVE-2019-1874

CREDITS

Eric Schayes and Alexander Barakazian from Dimension Data.

Trust: 0.9

sources: BID: 108861 // CNNVD: CNNVD-201906-792

SOURCES

db: VULHUB, id: VHN-151116
db: BID, id: 108861
db: JVNDB, id: JVNDB-2019-005629
db: CNNVD, id: CNNVD-201906-792
db: NVD, id: CVE-2019-1874

LAST UPDATE DATE

2024-11-23T21:10:18.729000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151116, date: 2019-06-24T00:00:00
db: BID, id: 108861, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005629, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-792, date: 2019-07-05T00:00:00
db: NVD, id: CVE-2019-1874, date: 2024-11-21T04:37:35.403

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151116, date: 2019-06-20T00:00:00
db: BID, id: 108861, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005629, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-792, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-1874, date: 2019-06-20T03:15:12.057