Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2019-16029 | First vendor Publication | 2020-01-26 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.1 | ||
| Base Score | 9.1 | Environmental Score | 9.1 |
| impact SubScore | 5.2 | Temporal Score | 9.1 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16029 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | Cisco Smart Software Manager denial of service attempt RuleID : 52644 - Revision : 1 - Type : SERVER-WEBAPP |
| 2020-12-05 | Cisco Smart Software Manager denial of service attempt RuleID : 52643 - Revision : 1 - Type : SERVER-WEBAPP |
| 2020-12-05 | Cisco Smart Software Manager unauthorized password change attempt RuleID : 52642 - Revision : 1 - Type : SERVER-WEBAPP |
| 2020-12-05 | Cisco Smart Software Manager unauthorized password change attempt RuleID : 52641 - Revision : 1 - Type : SERVER-WEBAPP |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:28:00 |
|
| 2021-05-04 13:31:53 |
|
| 2021-04-22 02:45:26 |
|
| 2020-12-05 21:23:47 |
|
| 2020-05-23 02:25:52 |
|
