VAR-201902-0454
Vulnerability from variot - Updated: 2023-12-18 13:28A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). An attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvo18229. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network assurance engine",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "3.0(1)"
},
{
"model": "network assurance engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0\\(1\\)"
},
{
"model": "network assurance engine 3.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "107010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:3.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,Cisco",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1688",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 7.8,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 5.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-1688",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-149070",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1688",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1688",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1688",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-506",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149070",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149070"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). \nAn attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCvo18229. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "BID",
"id": "107010"
},
{
"db": "VULHUB",
"id": "VHN-149070"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1688",
"trust": 2.8
},
{
"db": "BID",
"id": "107010",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0448",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149070"
},
{
"db": "BID",
"id": "107010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"id": "VAR-201902-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149070"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:28:39.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190212-nae-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190212-nae-dos"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149070"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107010"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190212-nae-dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1688"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1688"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75502"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149070"
},
{
"db": "BID",
"id": "107010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149070"
},
{
"db": "BID",
"id": "107010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-149070"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107010"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"date": "2019-02-12T19:29:00.247000",
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-149070"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107010"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001961"
},
{
"date": "2023-03-23T17:36:31.277000",
"db": "NVD",
"id": "CVE-2019-1688"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107010"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Network Assurance Engine Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001961"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-506"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…