ID

VAR-201906-0692


CVE

CVE-2019-1906


TITLE

Cisco Prime Infrastructure Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-005715

DESCRIPTION

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. Cisco Prime Infrastructure (PI) contains vulnerabilities related to authorization, authority, and access control. Information may be tampered with. This issue is being tracked by Cisco Bug ID CSCvo46881. The product integrates Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS). Virtual Domain system is one of the virtual domain systems

Trust: 1.98

sources: NVD: CVE-2019-1906 // JVNDB: JVNDB-2019-005715 // BID: 108855 // VULHUB: VHN-151468

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.6

Trust: 1.0

vendor: cisco, model: prime infrastructure, scope: -, version: -

Trust: 0.8

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.6(0.0)

Trust: 0.3

sources: BID: 108855 // JVNDB: JVNDB-2019-005715 // NVD: CVE-2019-1906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1906
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1906
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1906
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-800
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151468
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1906
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151468
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1906
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1906
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1906
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151468 // JVNDB: JVNDB-2019-005715 // CNNVD: CNNVD-201906-800 // NVD: CVE-2019-1906 // NVD: CVE-2019-1906

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-151468 // JVNDB: JVNDB-2019-005715 // NVD: CVE-2019-1906

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-800

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108855 // CNNVD: CNNVD-201906-800

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005715

PATCH

title: cisco-sa-20190619-prime-privescal
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-prime-privescal

Trust: 0.8

title: Cisco Prime Infrastructure Virtual Domain Fixes for system permissions permissions and access control issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93950

Trust: 0.6

sources: JVNDB: JVNDB-2019-005715 // CNNVD: CNNVD-201906-800

EXTERNAL IDS

db: NVD, id: CVE-2019-1906

Trust: 2.8

db: BID, id: 108855

Trust: 2.0

db: JVNDB, id: JVNDB-2019-005715

Trust: 0.8

db: CNNVD, id: CNNVD-201906-800

Trust: 0.7

db: AUSCERT, id: ESB-2019.2189

Trust: 0.6

db: AUSCERT, id: ESB-2020.0200

Trust: 0.6

db: AUSCERT, id: ESB-2020.0766

Trust: 0.6

db: VULHUB, id: VHN-151468

Trust: 0.1

sources: VULHUB: VHN-151468 // BID: 108855 // JVNDB: JVNDB-2019-005715 // CNNVD: CNNVD-201906-800 // NVD: CVE-2019-1906

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-prime-privescal

Trust: 2.0

url:http://www.securityfocus.com/bid/108855

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1906

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1906

Trust: 0.8

url:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-psc-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-psc-csrf

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0200/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2189/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-prime-infrastructure-privilege-escalation-via-virtual-domain-configuration-29571

Trust: 0.6

sources: VULHUB: VHN-151468 // BID: 108855 // JVNDB: JVNDB-2019-005715 // CNNVD: CNNVD-201906-800 // NVD: CVE-2019-1906

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108855 // CNNVD: CNNVD-201906-800

SOURCES

db: VULHUB, id: VHN-151468
db: BID, id: 108855
db: JVNDB, id: JVNDB-2019-005715
db: CNNVD, id: CNNVD-201906-800
db: NVD, id: CVE-2019-1906

LAST UPDATE DATE

2024-11-23T20:21:23.862000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151468, date: 2020-10-16T00:00:00
db: BID, id: 108855, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005715, date: 2019-06-27T00:00:00
db: CNNVD, id: CNNVD-201906-800, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2019-1906, date: 2024-11-21T04:37:39.573

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151468, date: 2019-06-20T00:00:00
db: BID, id: 108855, date: 2019-06-19T00:00:00
db: JVNDB, id: JVNDB-2019-005715, date: 2019-06-27T00:00:00
db: CNNVD, id: CNNVD-201906-800, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-1906, date: 2019-06-20T03:15:12.650