Cisco Expressway Series Directory Traversal Vulnerability
CVE-2019-1854

4.1MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Expressway
Vendor
CVE Published:
3 May 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.

Affected Version(s)

Cisco Expressway < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/108154
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2019/May/28
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.