CVE-2019-1854

CWE-22Path Traversal4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 84.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco ExpresswayCisco Telepresence Video Communication Server
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Comm

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_expresswayunspecifiedX12.5.2

🔴Vulnerability Details

2
GHSA
GHSA-r7gg-wq5p-qhgv: A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traver2022-05-24
CVEList
Cisco Expressway Series Directory Traversal Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Expressway Series Directory Traversal Vulnerability2019-05-01
CVE-2019-1854 (MEDIUM CVSS 4.3) | A vulnerability in the management w | cvebase.io