CVE-2019-1906: Improper Input Validation in Cisco Prime Infrastructure

Severity
6.5 MEDIUM (NVD)
EPSS
0.1%
top 67.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 20
Latest update: May 24

Description

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-2hm4-qrp4-v66v: A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual do (2022-05-24)
CVEList
Cisco Prime Infrastructure Virtual Domain Privilege Escalation Vulnerability (2019-06-20)

📋 Vendor Advisories

2
Citrix
CVE-2019-12292: Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. (2019-06-24)
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability (2019-06-19)

💬 Community

1
Bugzilla
CVE-2019-20392 libyang: invalid memory access when if-feature statement is used inside a list key node (2020-01-22)