CVE-2019-1659Improper Certificate Validation in Cisco Prime Infrastructure

CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 59.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime InfrastructureCisco Prime Infrastructure
Timeline
PublishedFeb 21
Latest updateMay 13

Description

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept c

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5cisco/cisco_prime_infrastructurenext of 2.2unspecified+1
NVDcisco/prime_infrastructure2.23.4.0

🔴Vulnerability Details

2
GHSA
GHSA-5vxf-pm6w-9vfm: A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote at2022-05-13
CVEList
Cisco Prime Infrastructure Certificate Validation Vulnerability2019-02-21

📋Vendor Advisories

1
Cisco
Cisco Prime Infrastructure Certificate Validation Vulnerability2019-02-20
CVE-2019-1659 — Improper Certificate Validation | cvebase