Cisco Unified Intelligence Center Remote File Injection Vulnerability
CVE-2019-1860

5.9MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Unified Intelligence Center
Vendor
CVE Published:
16 May 2019

Badges

đź‘ľ Exploit Exists

Summary

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.

Affected Version(s)

Cisco Unified Intelligence Center < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/108354
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • đź‘ľ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.