Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2019-1722First vendor Publication2019-04-17
VendorCveLast vendor Modification2019-04-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1722

CWE : Common Weakness Enumeration

%idName
100 %CWE-352Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application50

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/108006
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-06-13 12:10:07
  • Multiple Updates
2019-04-19 21:19:28
  • Multiple Updates
2019-04-19 17:18:59
  • Multiple Updates
2019-04-18 09:19:12
  • First insertion