Sign-up

ID

VAR-201909-0985


CVE

CVE-2019-1976


TITLE

Cisco Industrial Network Director Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-008967

DESCRIPTION

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials. Cisco Industrial Network Director (IND) is an industrial automation management system from Cisco. The system is automated through the visualization of industrial Ethernet infrastructure

Trust: 2.43

sources: NVD: CVE-2019-1976 // JVNDB: JVNDB-2019-008967 // CNVD: CNVD-2019-31305 // IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142 // VULHUB: VHN-152238

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142 // CNVD: CNVD-2019-31305

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.6.0

Trust: 1.6

vendor:ciscomodel:network level servicescope:eqversion:1.6\(0.369\)

Trust: 1.0

vendor:ciscomodel:industrial network directorscope:ltversion:1.7

Trust: 0.8

vendor:ciscomodel:network level servicescope: - version: -

Trust: 0.8

vendor:industrial network directormodel: - scope:eqversion:*

Trust: 0.2

vendor:network level servicemodel: - scope:eqversion:1.6(0.369)

Trust: 0.2

sources: IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142 // CNVD: CNVD-2019-31305 // JVNDB: JVNDB-2019-008967 // NVD: CVE-2019-1976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1976
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1976
value: HIGH

Trust: 1.0

NVD: CVE-2019-1976
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-31305
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-153
value: CRITICAL

Trust: 0.6

IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142
value: CRITICAL

Trust: 0.2

VULHUB: VHN-152238
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1976
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-152238
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1976
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1976
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1976
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142 // CNVD: CNVD-2019-31305 // VULHUB: VHN-152238 // JVNDB: JVNDB-2019-008967 // CNNVD: CNNVD-201909-153 // NVD: CVE-2019-1976 // NVD: CVE-2019-1976

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-152238 // JVNDB: JVNDB-2019-008967 // NVD: CVE-2019-1976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-153

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-153

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008967

PATCH
title:cisco-sa-20190904-indurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind
Trust: 0.8
title:Patch for Cisco Industrial Network Director Information Disclosure Vulnerability (CNVD-2019-31305)url:https://www.cnvd.org.cn/patchInfo/show/180085
Trust: 0.6
title:Cisco Industrial Network Director Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97915
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-31305 // 
            
            
            
            JVNDB: JVNDB-2019-008967 // 
            
            
            
            CNNVD: CNNVD-201909-153

EXTERNAL IDS
db:NVDid:CVE-2019-1976
Trust: 3.3
db:CNVDid:CNVD-2019-31305
Trust: 0.8
db:CNNVDid:CNNVD-201909-153
Trust: 0.8
db:JVNDBid:JVNDB-2019-008967
Trust: 0.8
db:AUSCERTid:ESB-2019.3365
Trust: 0.6
db:IVDid:801B61F8-0383-43A5-BBFA-7C2266B6C142
Trust: 0.2
db:VULHUBid:VHN-152238
Trust: 0.1
sources:
            
            
            IVD: 801b61f8-0383-43a5-bbfa-7c2266b6c142 // 
            
            
            
            CNVD: CNVD-2019-31305 // 
            
            
            
            VULHUB: VHN-152238 // 
            
            
            
            JVNDB: JVNDB-2019-008967 // 
            
            
            
            CNNVD: CNNVD-201909-153 // 
            
            
            
            NVD: CVE-2019-1976

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-1976
Trust: 2.0
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-ind
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1976
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.3365/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-31305 // 
            
            
            
            VULHUB: VHN-152238 // 
            
            
            
            JVNDB: JVNDB-2019-008967 // 
            
            
            
            CNNVD: CNNVD-201909-153 // 
            
            
            
            NVD: CVE-2019-1976

SOURCES
db:IVDid:801b61f8-0383-43a5-bbfa-7c2266b6c142
db:CNVDid:CNVD-2019-31305
db:VULHUBid:VHN-152238
db:JVNDBid:JVNDB-2019-008967
db:CNNVDid:CNNVD-201909-153
db:NVDid:CVE-2019-1976

LAST UPDATE DATE
2024-11-23T23:04:38.142000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-31305date:2019-09-12T00:00:00
db:VULHUBid:VHN-152238date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-008967date:2019-09-10T00:00:00
db:CNNVDid:CNNVD-201909-153date:2019-09-09T00:00:00
db:NVDid:CVE-2019-1976date:2024-11-21T04:37:48.620

SOURCES RELEASE DATE
db:IVDid:801b61f8-0383-43a5-bbfa-7c2266b6c142date:2019-09-12T00:00:00
db:CNVDid:CNVD-2019-31305date:2019-09-11T00:00:00
db:VULHUBid:VHN-152238date:2019-09-05T00:00:00
db:JVNDBid:JVNDB-2019-008967date:2019-09-10T00:00:00
db:CNNVDid:CNNVD-201909-153date:2019-09-04T00:00:00
db:NVDid:CVE-2019-1976date:2019-09-05T02:15:13.387