Sign-up

ID

VAR-201907-1631


CVE

CVE-2019-1940


TITLE

Cisco Industrial Network Director Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006934

DESCRIPTION

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. Cisco Industrial Network Director (IND) Contains a cryptographic vulnerability.Information may be obtained. The system is automated through the visualization of industrial Ethernet infrastructure. The WebServicesManagementAgent (WSMA) feature in previous versions of Cisco IND1.7 had an encryption vulnerability that caused the program to fail to fully validate the X.509 certificate. This issue is being tracked by Cisco Bug ID CSCvp13125

Trust: 2.7

sources: NVD: CVE-2019-1940 // JVNDB: JVNDB-2019-006934 // CNVD: CNVD-2019-23297 // BID: 109296 // IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7 // VULHUB: VHN-151842

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7 // CNVD: CNVD-2019-23297

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.7

Trust: 2.4

vendor:ciscomodel:industrial network directorscope:eqversion:1.6

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:eqversion:1.5

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:eqversion:1.4

Trust: 0.3

vendor:ciscomodel:industrial network directorscope:neversion:1.7

Trust: 0.3

vendor:industrial network directormodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7 // CNVD: CNVD-2019-23297 // BID: 109296 // JVNDB: JVNDB-2019-006934 // NVD: CVE-2019-1940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1940
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1940
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1940
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-23297
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1023
value: MEDIUM

Trust: 0.6

IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7
value: MEDIUM

Trust: 0.2

VULHUB: VHN-151842
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1940
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-23297
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-151842
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1940
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1940
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1940
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7 // CNVD: CNVD-2019-23297 // VULHUB: VHN-151842 // JVNDB: JVNDB-2019-006934 // CNNVD: CNNVD-201907-1023 // NVD: CVE-2019-1940 // NVD: CVE-2019-1940

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-295

Trust: 1.0

sources: VULHUB: VHN-151842 // JVNDB: JVNDB-2019-006934 // NVD: CVE-2019-1940

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1023

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1023

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006934

PATCH
title:cisco-sa-20190717-wsma-infourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info
Trust: 0.8
title:Patch for CiscoIndustrialNetworkDirector Encryption Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/169901
Trust: 0.6
title:Cisco Industrial Network Director Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95050
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-23297 // 
            
            
            
            JVNDB: JVNDB-2019-006934 // 
            
            
            
            CNNVD: CNNVD-201907-1023

EXTERNAL IDS
db:NVDid:CVE-2019-1940
Trust: 3.6
db:BIDid:109296
Trust: 2.0
db:CNNVDid:CNNVD-201907-1023
Trust: 0.9
db:CNVDid:CNVD-2019-23297
Trust: 0.8
db:JVNDBid:JVNDB-2019-006934
Trust: 0.8
db:AUSCERTid:ESB-2019.2679
Trust: 0.6
db:NSFOCUSid:43833
Trust: 0.6
db:IVDid:065F2C9F-1782-4D76-B181-D6F1E0A3EDF7
Trust: 0.2
db:VULHUBid:VHN-151842
Trust: 0.1
sources:
            
            
            IVD: 065f2c9f-1782-4d76-b181-d6f1e0a3edf7 // 
            
            
            
            CNVD: CNVD-2019-23297 // 
            
            
            
            VULHUB: VHN-151842 // 
            
            
            
            BID: 109296 // 
            
            
            
            JVNDB: JVNDB-2019-006934 // 
            
            
            
            CNNVD: CNNVD-201907-1023 // 
            
            
            
            NVD: CVE-2019-1940

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190717-wsma-info
Trust: 3.2
url:http://www.securityfocus.com/bid/109296
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-1940
Trust: 2.0
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1940
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2679/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43833
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-23297 // 
            
            
            
            VULHUB: VHN-151842 // 
            
            
            
            BID: 109296 // 
            
            
            
            JVNDB: JVNDB-2019-006934 // 
            
            
            
            CNNVD: CNNVD-201907-1023 // 
            
            
            
            NVD: CVE-2019-1940

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 109296 // 
            
            
            
            CNNVD: CNNVD-201907-1023

SOURCES
db:IVDid:065f2c9f-1782-4d76-b181-d6f1e0a3edf7
db:CNVDid:CNVD-2019-23297
db:VULHUBid:VHN-151842
db:BIDid:109296
db:JVNDBid:JVNDB-2019-006934
db:CNNVDid:CNNVD-201907-1023
db:NVDid:CVE-2019-1940

LAST UPDATE DATE
2024-11-23T23:08:18.192000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-23297date:2019-07-19T00:00:00
db:VULHUBid:VHN-151842date:2019-10-09T00:00:00
db:BIDid:109296date:2019-07-17T00:00:00
db:JVNDBid:JVNDB-2019-006934date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-1023date:2021-11-02T00:00:00
db:NVDid:CVE-2019-1940date:2024-11-21T04:37:43.857

SOURCES RELEASE DATE
db:IVDid:065f2c9f-1782-4d76-b181-d6f1e0a3edf7date:2019-07-19T00:00:00
db:CNVDid:CNVD-2019-23297date:2019-07-19T00:00:00
db:VULHUBid:VHN-151842date:2019-07-17T00:00:00
db:BIDid:109296date:2019-07-17T00:00:00
db:JVNDBid:JVNDB-2019-006934date:2019-07-30T00:00:00
db:CNNVDid:CNNVD-201907-1023date:2019-07-17T00:00:00
db:NVDid:CVE-2019-1940date:2019-07-17T21:15:12.250