CVE-2019-1807

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required.

CVSS v3 7.6 HIGH
CVSS v2.0 6.8 MEDIUM

7.6^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Exploitability : 2.1 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type	Values Removed	Values Added
CVSS	v2 : ~~6.8~~ v3 : ~~8.8~~	v2 : 6.8 v3 : 7.6
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm - Vendor Advisory

Information

Published : 2019-05-03 17:29

Updated : 2024-11-21 04:37

NVD link : CVE-2019-1807

Mitre link : CVE-2019-1807

CVE.ORG link : CVE-2019-1807

JSON object : View

Products Affected

cisco

umbrella

CWE

CWE-384

Session Fixation

{"id": "CVE-2019-1807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-05-03T17:29:00.877", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de administraci\u00f3n de sesi\u00f3n (session management) de la interfaz de usuario web para el Panel Umbrella de Cisco, podr\u00eda permitir que un atacante remoto identificado acceda al Panel por medio de una sesi\u00f3n de usuario activa. La vulnerabilidad existe debido a que la aplicaci\u00f3n afectada no incorporando una sesi\u00f3n existente cuando un usuario se identifica en la aplicaci\u00f3n y cambia las credenciales de los usuarios mediante otra sesi\u00f3n autorizada. Un atacante podr\u00eda aprovechar esta vulnerabilidad usando una sesi\u00f3n activa, autorizada y separada para conectarse a la aplicaci\u00f3n por medio de la interfaz de usuario web. Una operaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante mantener el acceso al panel por medio de una sesi\u00f3n de navegador autorizada del usuario. Cisco ha abordado esta vulnerabilidad en el Panel Umbrella de Cisco. No es requerida ninguna acci\u00f3n del usuario."}], "lastModified": "2024-11-21T04:37:25.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6383EE3F-ED8A-4E50-89DD-E0C496E9D466"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}