CVE-2019-1854

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-03 17:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-1854

Mitre link : CVE-2019-1854

CVE.ORG link : CVE-2019-1854


JSON object : View

Products Affected

cisco

  • telepresence_video_communication_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')