ID

VAR-202001-0495


CVE

CVE-2019-16029


TITLE

Cisco Smart Software Manager On-Prem Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014406

DESCRIPTION

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. Cisco Smart Software Manager On-Prem contains an input validation vulnerability. Information may be tampered with, and a denial of service (DoS) condition may result.

Trust: 1.8

sources: NVD: CVE-2019-16029 // JVNDB: JVNDB-2019-014406 // VULHUB: VHN-148134 // VULMON: CVE-2019-16029

AFFECTED PRODUCTS

vendor: cisco, model: smart software manager on-prem, scope: lt, version: 7-201910

Trust: 1.0

vendor: Cisco Systems (シスコシステムズ), model: cisco smart software manager on-prem, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: smart software manager on-prem, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-014406 // CNNVD: CNNVD-202001-1122 // NVD: CVE-2019-16029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16029
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16029
value: HIGH

Trust: 1.0

NVD: CVE-2019-16029
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202001-1122
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148134
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-16029
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16029
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-148134
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16029
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16029
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.0

NVD: CVE-2019-16029
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148134 // VULMON: CVE-2019-16029 // JVNDB: JVNDB-2019-014406 // CNNVD: CNNVD-202001-1122 // NVD: CVE-2019-16029 // NVD: CVE-2019-16029

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-148134 // JVNDB: JVNDB-2019-014406 // NVD: CVE-2019-16029

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1122

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1122

PATCH

title: cisco-sa-20200122-on-prem-dos
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos

Trust: 0.8

title: Fix for the Cisco Smart Software Manager On-Prem input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110444

Trust: 0.6

title: Cisco: Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20200122-on-prem-dos

Trust: 0.1

sources: VULMON: CVE-2019-16029 // JVNDB: JVNDB-2019-014406 // CNNVD: CNNVD-202001-1122

EXTERNAL IDS

db: NVD, id: CVE-2019-16029

Trust: 2.6

db: JVNDB, id: JVNDB-2019-014406

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1122

Trust: 0.7

db: AUSCERT, id: ESB-2020.0276

Trust: 0.6

db: VULHUB, id: VHN-148134

Trust: 0.1

db: VULMON, id: CVE-2019-16029

Trust: 0.1

sources: VULHUB: VHN-148134 // VULMON: CVE-2019-16029 // JVNDB: JVNDB-2019-014406 // CNNVD: CNNVD-202001-1122 // NVD: CVE-2019-16029

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-on-prem-dos

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-16029

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.0276/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/174923

Trust: 0.1

sources: VULHUB: VHN-148134 // VULMON: CVE-2019-16029 // JVNDB: JVNDB-2019-014406 // CNNVD: CNNVD-202001-1122 // NVD: CVE-2019-16029

SOURCES

db: VULHUB, id: VHN-148134
db: VULMON, id: CVE-2019-16029
db: JVNDB, id: JVNDB-2019-014406
db: CNNVD, id: CNNVD-202001-1122
db: NVD, id: CVE-2019-16029

LAST UPDATE DATE

2024-11-23T22:25:38.645000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148134, date: 2020-01-31T00:00:00
db: VULMON, id: CVE-2019-16029, date: 2020-01-31T00:00:00
db: JVNDB, id: JVNDB-2019-014406, date: 2020-02-14T00:00:00
db: CNNVD, id: CNNVD-202001-1122, date: 2020-02-26T00:00:00
db: NVD, id: CVE-2019-16029, date: 2024-11-21T04:29:57.700

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148134, date: 2020-01-26T00:00:00
db: VULMON, id: CVE-2019-16029, date: 2020-01-26T00:00:00
db: JVNDB, id: JVNDB-2019-014406, date: 2020-02-14T00:00:00
db: CNNVD, id: CNNVD-202001-1122, date: 2020-01-26T00:00:00
db: NVD, id: CVE-2019-16029, date: 2020-01-26T05:15:17.083