Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability
CVE-2019-16004

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Vision Dynamic Signage Director
Vendor: CVE Published:; 23 September 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

Affected Version(s)

Cisco Vision Dynamic Signage Director

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Sep 6, 2019