Sign-up

ID

VAR-201906-0684


CVE

CVE-2019-1861


TITLE

Cisco Industrial Network Director Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005277

DESCRIPTION

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Cisco Industrial Network Director Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco bug ID CSCvm20474. The system realizes automatic management through visual operation of industrial Ethernet infrastructure. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.07

sources: NVD: CVE-2019-1861 // JVNDB: JVNDB-2019-005277 // BID: 108622 // VULHUB: VHN-150973 // VULMON: CVE-2019-1861

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.6.0

Trust: 1.0

vendor:ciscomodel:industrial network directorscope: - version: -

Trust: 0.8

vendor:ciscomodel:network level servicescope:eqversion:1.5(0.250)

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:eqversion:1.5

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:eqversion:1.4

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:neversion:1.6

Trust: 0.3

sources: BID: 108622 // JVNDB: JVNDB-2019-005277 // NVD: CVE-2019-1861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1861
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1861
value: HIGH

Trust: 1.0

NVD: CVE-2019-1861
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-158
value: HIGH

Trust: 0.6

VULHUB: VHN-150973
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1861
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1861
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-150973
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1861
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1861
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150973 // VULMON: CVE-2019-1861 // JVNDB: JVNDB-2019-005277 // CNNVD: CNNVD-201906-158 // NVD: CVE-2019-1861 // NVD: CVE-2019-1861

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-434

Trust: 1.1

sources: VULHUB: VHN-150973 // JVNDB: JVNDB-2019-005277 // NVD: CVE-2019-1861

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-158

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-158

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005277

PATCH
title:cisco-sa-20190605-ind-rceurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce
Trust: 0.8
title:Cisco Industrial Network Director Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93250
Trust: 0.6
title:Cisco: Cisco Industrial Network Director Remote Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190605-ind-rce
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco-high-severity-bugs/145446/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1861 // 
            
            
            
            JVNDB: JVNDB-2019-005277 // 
            
            
            
            CNNVD: CNNVD-201906-158

EXTERNAL IDS
db:NVDid:CVE-2019-1861
Trust: 2.9
db:BIDid:108622
Trust: 2.1
db:JVNDBid:JVNDB-2019-005277
Trust: 0.8
db:CNNVDid:CNNVD-201906-158
Trust: 0.7
db:AUSCERTid:ESB-2019.2025.2
Trust: 0.6
db:AUSCERTid:ESB-2019.2025
Trust: 0.6
db:VULHUBid:VHN-150973
Trust: 0.1
db:VULMONid:CVE-2019-1861
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150973 // 
            
            
            
            VULMON: CVE-2019-1861 // 
            
            
            
            BID: 108622 // 
            
            
            
            JVNDB: JVNDB-2019-005277 // 
            
            
            
            CNNVD: CNNVD-201906-158 // 
            
            
            
            NVD: CVE-2019-1861

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-rce
Trust: 2.8
url:http://www.securityfocus.com/bid/108622
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-1861
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1861
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-ind-csrf
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2025.2/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2025/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/434.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-high-severity-bugs/145446/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150973 // 
            
            
            
            VULMON: CVE-2019-1861 // 
            
            
            
            BID: 108622 // 
            
            
            
            JVNDB: JVNDB-2019-005277 // 
            
            
            
            CNNVD: CNNVD-201906-158 // 
            
            
            
            NVD: CVE-2019-1861

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 108622 // 
            
            
            
            CNNVD: CNNVD-201906-158

SOURCES
db:VULHUBid:VHN-150973
db:VULMONid:CVE-2019-1861
db:BIDid:108622
db:JVNDBid:JVNDB-2019-005277
db:CNNVDid:CNNVD-201906-158
db:NVDid:CVE-2019-1861

LAST UPDATE DATE
2024-11-23T22:12:00.002000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150973date:2020-10-16T00:00:00
db:VULMONid:CVE-2019-1861date:2020-10-16T00:00:00
db:BIDid:108622date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005277date:2019-06-18T00:00:00
db:CNNVDid:CNNVD-201906-158date:2020-10-28T00:00:00
db:NVDid:CVE-2019-1861date:2024-11-21T04:37:33.463

SOURCES RELEASE DATE
db:VULHUBid:VHN-150973date:2019-06-05T00:00:00
db:VULMONid:CVE-2019-1861date:2019-06-05T00:00:00
db:BIDid:108622date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005277date:2019-06-18T00:00:00
db:CNNVDid:CNNVD-201906-158date:2019-06-05T00:00:00
db:NVDid:CVE-2019-1861date:2019-06-05T17:29:00.490