Cisco Unified Intelligence Center Remote File Injection Vulnerability
CVE-2019-1860

5.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Intelligence Center
Vendor: CVE Published:; 16 May 2019

Badges

👾 Exploit Exists

What is CVE-2019-1860?

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.

Affected Version(s)

Cisco Unified Intelligence Center < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108354

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 16, 2019
Vulnerability Reserved
Dec 6, 2018