CVE-2019-1854 - OpenCVE

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Telepresence Video Communication Server

Configuration 1 [-]

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/May/28
http://www.securityfocus.com/bid/108154
https://seclists.org/bugtraq/2019/May/49
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2019-05-01T00:00:00

Updated: 2019-05-20T16:06:02

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1854

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-03T17:29:01.297

Modified: 2019-05-20T17:29:17.767

Link: CVE-2019-1854

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Cisco Expressway ", "vendor": "Cisco", "versions": [{"lessThan": "X12.5.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-20T16:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190501 Cisco Expressway Series Directory Traversal Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}, {"name": "108154", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108154"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/49"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}], "source": {"advisory": "cisco-sa-20190501-expressway-traversal", "defect": [["CSCvo47769"]], "discovery": "INTERNAL"}, "title": "Cisco Expressway Series Directory Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-01T16:00:00-0700", "ID": "CVE-2019-1854", "STATE": "PUBLIC", "TITLE": "Cisco Expressway Series Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Expressway ", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "X12.5.2"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "4.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "20190501 Cisco Expressway Series Directory Traversal Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}, {"name": "108154", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108154"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/49"}, {"name": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}]}, "source": {"advisory": "cisco-sa-20190501-expressway-traversal", "defect": [["CSCvo47769"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1854", "datePublished": "2019-05-01T00:00:00", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2019-05-20T16:06:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B0797D8-2E6F-4121-B3BD-509994DF9D9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de gesti\u00f3n de Cisco Expressway Series podr\u00eda permitir a un atacante remoto autenticado realizar un ataque de salto de directorio contra un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de entrada en la interfaz web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP a la interfaz web. Un exploit exitoso podr\u00eda permitir al atacante eludir las restricciones de seguridad y acceder a la interfaz web de un Cisco Unified Communications Manager asociado con el dispositivo afectado. Se necesitar\u00edan credenciales v\u00e1lidas para acceder a la interfaz de Cisco Unified Communications Manager."}], "id": "CVE-2019-1854", "lastModified": "2019-05-20T17:29:17.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2019-05-03T17:29:01.297", "references": [{"source": "ykramarz@cisco.com", "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}, {"source": "ykramarz@cisco.com", "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/108154"}, {"source": "ykramarz@cisco.com", "url": "https://seclists.org/bugtraq/2019/May/49"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}