CVE-2019-1854 - OpenCVE

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Telepresence Video Communication Server

Configuration 1 [-]

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/May/28
http://www.securityfocus.com/bid/108154
https://seclists.org/bugtraq/2019/May/49
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-05-03T16:35:14.448900Z

Updated: 2024-09-16T17:23:26.732Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1854

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-03T17:29:01.297

Modified: 2019-05-20T17:29:17.767

Link: CVE-2019-1854

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Expressway", "vendor": "Cisco", "versions": [{"lessThan": "X12.5.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-20T16:06:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190501 Cisco Expressway Series Directory Traversal Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}, {"name": "108154", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108154"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/49"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}], "source": {"advisory": "cisco-sa-20190501-expressway-traversal", "defect": [["CSCvo47769"]], "discovery": "INTERNAL"}, "title": "Cisco Expressway Series Directory Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-01T16:00:00-0700", "ID": "CVE-2019-1854", "STATE": "PUBLIC", "TITLE": "Cisco Expressway Series Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Expressway", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "X12.5.2"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "20190501 Cisco Expressway Series Directory Traversal Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}, {"name": "108154", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108154"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/49"}, {"name": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}]}, "source": {"advisory": "cisco-sa-20190501-expressway-traversal", "defect": [["CSCvo47769"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.875Z"}, "title": "CVE Program Container", "references": [{"name": "20190501 Cisco Expressway Series Directory Traversal Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}, {"name": "108154", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108154"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"name": "20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/49"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1854", "datePublished": "2019-05-03T16:35:14.448900Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T17:23:26.732Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B0797D8-2E6F-4121-B3BD-509994DF9D9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de gesti\u00f3n de Cisco Expressway Series podr\u00eda permitir a un atacante remoto autenticado realizar un ataque de salto de directorio contra un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n insuficiente de entrada en la interfaz web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP a la interfaz web. Un exploit exitoso podr\u00eda permitir al atacante eludir las restricciones de seguridad y acceder a la interfaz web de un Cisco Unified Communications Manager asociado con el dispositivo afectado. Se necesitar\u00edan credenciales v\u00e1lidas para acceder a la interfaz de Cisco Unified Communications Manager."}], "id": "CVE-2019-1854", "lastModified": "2019-05-20T17:29:17.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2019-05-03T17:29:01.297", "references": [{"source": "ykramarz@cisco.com", "url": "http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html"}, {"source": "ykramarz@cisco.com", "url": "http://seclists.org/fulldisclosure/2019/May/28"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/108154"}, {"source": "ykramarz@cisco.com", "url": "https://seclists.org/bugtraq/2019/May/49"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-expressway-traversal"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}