CVE-2019-1794 - OpenCVE

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Meeting Server

Configuration 1 [-]

cpe:2.3:a:cisco:meeting_server:2.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108032
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-04-18T00:35:18.813610Z

Updated: 2024-09-16T16:23:48.538Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1794

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-18T01:29:02.423

Modified: 2023-03-24T18:14:00.923

Link: CVE-2019-1794

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Directory Connector", "vendor": "Cisco", "versions": [{"status": "affected", "version": "2.2"}]}], "datePublic": "2019-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T09:06:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190417 Cisco Directory Connector Search Order Hijacking Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack"}, {"name": "108032", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108032"}], "source": {"advisory": "cisco-sa-20190417-cdc-hijack", "defect": [["CSCvk22605"]], "discovery": "INTERNAL"}, "title": "Cisco Directory Connector Search Order Hijacking Vulnerability", "workarounds": [{"lang": "en", "value": "To ensure that supporting dynamic link libraries (DLLs) are loaded from system locations prior to the user's current working directory, an administrator can verify SafeDLLSearchMode is enabled in the Windows Registry. This process is outlined in Deployment Guide for Cisco Directory Connector. Warning: Incorrectly modifying the system registry of a Microsoft Windows-based device may cause serious problems. Neither Cisco nor Microsoft can guarantee that problems that may result from improper registry modification, either from applying registry changes via a .reg file or by using the Registry Editor, can be resolved. Modify the registry of a system at the user's own risk."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-04-17T16:00:00-0700", "ID": "CVE-2019-1794", "STATE": "PUBLIC", "TITLE": "Cisco Directory Connector Search Order Hijacking Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Directory Connector", "version": {"version_data": [{"version_value": "2.2"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "5.1", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427"}]}]}, "references": {"reference_data": [{"name": "20190417 Cisco Directory Connector Search Order Hijacking Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack"}, {"name": "108032", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108032"}]}, "source": {"advisory": "cisco-sa-20190417-cdc-hijack", "defect": [["CSCvk22605"]], "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "To ensure that supporting dynamic link libraries (DLLs) are loaded from system locations prior to the user's current working directory, an administrator can verify SafeDLLSearchMode is enabled in the Windows Registry. This process is outlined in Deployment Guide for Cisco Directory Connector. Warning: Incorrectly modifying the system registry of a Microsoft Windows-based device may cause serious problems. Neither Cisco nor Microsoft can guarantee that problems that may result from improper registry modification, either from applying registry changes via a .reg file or by using the Registry Editor, can be resolved. Modify the registry of a system at the user's own risk."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.890Z"}, "title": "CVE Program Container", "references": [{"name": "20190417 Cisco Directory Connector Search Order Hijacking Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack"}, {"name": "108032", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108032"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1794", "datePublished": "2019-04-18T00:35:18.813610Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T16:23:48.538Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meeting_server:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D54E7F1E-A9DB-4192-AC10-B778D2A5D079", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de b\u00fasqueda de ruta (search path) de Directory Connector de Cisco, podr\u00eda permitir a un atacante local autorizado cargar un binario de su elecci\u00f3n. La vulnerabilidad es debido a elementos de la ruta de b\u00fasqueda no controlada. Un atacante podr\u00eda explotar esta vulnerabilidad al colocar un binario de su elecci\u00f3n anteriormente en la ruta de b\u00fasqueda usada por Directory Connector de Cisco para localizar y cargar los recursos necesarios."}], "id": "CVE-2019-1794", "lastModified": "2023-03-24T18:14:00.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-18T01:29:02.423", "references": [{"source": "ykramarz@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108032"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}