CVE-2019-1917

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled.

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (12)

cisco · vision_dynamic_signage_directorvulnerable

cisco · vision_dynamic_signage_director

References (4)

http://www.securityfocus.com/bid/109301

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Vendor Advisory

http://www.securityfocus.com/bid/109301

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth

Vendor Advisory