Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2019-1673First vendor Publication2019-02-08
VendorCveLast vendor Modification2019-02-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score3.5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1673

CWE : Common Weakness Enumeration

%idName
100 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106915
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-15 12:08:41
  • Multiple Updates
2019-02-10 12:03:32
  • Multiple Updates
2019-02-09 12:06:55
  • First insertion