CVE-2019-1688

{"id": "CVE-2019-1688", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2019-02-12T19:29:00.247", "references": [{"url": "http://www.securityfocus.com/bid/107010", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/107010", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1)."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Network Assurance Engine (NAE) podr\u00eda permitir que un atacante local no autenticado obtenga acceso no autorizado o provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servidor. La vulnerabilidad se debe a un error en el sistema de gesti\u00f3n de contrase\u00f1as en NAE. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose con la contrase\u00f1a de administrador por defecto mediante la interfaz de l\u00ednea de comandos de un servidor afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante visualice informaci\u00f3n potencialmente sensible o haga que el servidor se caiga, provocando una denegaci\u00f3n de servicio (DoS). La vulnerabilidad afecta a Cisco Network Assurance Engine (NAE) Release 3.0(1). La condici\u00f3n de contrase\u00f1a por defecto solo afecta a nuevas instalaciones de Release 3.0(1)."}], "lastModified": "2024-11-21T04:37:06.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:network_assurance_engine:3.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "636DCAB4-3861-4CD1-8FFF-5B4B97FA1C23"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}