Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2019-1919
HistoryJul 17, 2019 - 9:15 p.m.

CVE-2019-1919

2019-07-1721:15:12
CWE-798
cisco
web.nvd.nist.gov
34
cisco
findit
network management software
vm
images
vulnerability
root login
nvd
cve-2019-1919

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable.

Affected configurations

Nvd
Node
ciscofindit_network_managerMatch1.1.4
OR
ciscofindit_network_probeMatch1.1.4
VendorProductVersionCPE
ciscofindit_network_manager1.1.4cpe:2.3:a:cisco:findit_network_manager:1.1.4:*:*:*:*:*:*:*
ciscofindit_network_probe1.1.4cpe:2.3:a:cisco:findit_network_probe:1.1.4:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco FindIT Network Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cisco 1
cvelist 1
nvd
nvd
CVE-2019-1919
2019-07-17 21:15:12
prion
prion
Design/Logic Flaw
2019-07-17 21:15:00
cisco
cisco
Cisco FindIT Network Management Software Static Credentials Vulnerability
2019-07-17 16:00:00
cvelist
cvelist
CVE-2019-1919 Cisco FindIT Network Management Software Static Credentials Vulnerability
2019-07-17 20:20:18

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2019-1919
nvd1prion1cisco1cvelist1