CVE-2019-1854

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/May/28
http://www.securityfocus.com/bid/108154
https://seclists.org/bugtraq/2019/May/49
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-03 17:29

Updated : 2019-05-20 17:29

NVD link : CVE-2019-1854

Mitre link : CVE-2019-1854

CVE.ORG link : CVE-2019-1854

JSON object : View

Products Affected

cisco

telepresence_video_communication_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2019-1854", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.3}]}, "published": "2019-05-03T17:29:01.297", "references": [{"url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html", "source": "ykramarz@cisco.com"}, {"url": "http://seclists.org/fulldisclosure/2019/May/28", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/108154", "source": "ykramarz@cisco.com"}, {"url": "https://seclists.org/bugtraq/2019/May/49", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de gesti\u00f3n de Cisco Expressway Series podr\u00eda permitir a un atacante remoto autenticado realizar un ataque de salto de directorio contra un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de entrada en la interfaz web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP a la interfaz web. Un exploit exitoso podr\u00eda permitir al atacante eludir las restricciones de seguridad y acceder a la interfaz web de un Cisco Unified Communications Manager asociado con el dispositivo afectado. Se necesitar\u00edan credenciales v\u00e1lidas para acceder a la interfaz de Cisco Unified Communications Manager."}], "lastModified": "2019-05-20T17:29:17.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B0797D8-2E6F-4121-B3BD-509994DF9D9A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-1854

4.3^/10

4.0^/10

Attach tags to `CVE-2019-1854`