cbcvebase.
CVE-2019-1917
published 2019-07-17


Priority P269 · critical · 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.34% (91.6th percentile)
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled.

Affected

6 ranges (as listed by the sources; blank cells are not stated)

Vendor   Product                                  Version range              Fixed in
cisco    cisco_vision_dynamic_signage_director    >= unspecified, < 6.1sp3   6.1sp3
cisco    vision_dynamic_signage_director          <= 5.0                     -
cisco    vision_dynamic_signage_director          -                          -
cisco    vision_dynamic_signage_director          -                          -
cisco    vision_dynamic_signage_director          6.0 – 6.1                  -
cisco    vision_dynamic_signage_director_rest     -                          -

Detection & IOCs (extracted from sources)

  • Exploit vector is a crafted HTTP request to the REST API interface of Cisco Vision Dynamic Signage Director that bypasses authentication. Monitor for REST API calls that carry no valid credentials yet successfully perform administrative actions.
  • The REST API is always exposed (enabled by default and cannot be disabled), so any unauthenticated administrative activity over the REST API of Cisco Vision Dynamic Signage Director should be treated as suspicious; there is no configuration that removes the attack surface.
  • There are no workarounds for this vulnerability; the only remediation is applying Cisco's software update.
  • The root cause is insufficient validation of HTTP requests (CWE-287, Improper Authentication): the REST API's authentication checks can be bypassed without valid credentials, giving the attacker administrative privileges.
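The first two bullets reduce to one log-triage rule: a successful, state-changing REST call with no credentials attached. The script below is an added example, not code from this page or from Cisco, and it works on a constructed access-log layout. The log format (`client METHOD path status auth|noauth`), the `/api/` prefix, and every path in the sample are assumptions; the advisory does not publish the endpoint names, so adapt `REST_PREFIX` and the regex to what your proxy or the appliance actually logs.

```python
"""Flag REST API calls that performed an administrative action without
presenting credentials. Log layout and endpoint paths are assumed for
illustration; they are not taken from the Cisco advisory."""
import re
from typing import Optional

# Assumed access-log layout (constructed for this example):
#   <client_ip> <METHOD> <path> <status> <auth_marker>
# auth_marker is "auth" when the request carried an Authorization header or
# session cookie and "noauth" otherwise (a reverse proxy can emit this).
LOG_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<auth>auth|noauth)$"
)

# Hypothetical REST prefix; the advisory does not name the endpoints.
REST_PREFIX = "/api/"
# Methods that change state; a bare GET is noise compared to a write.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log; none of these lines come from a real system.
SAMPLE_LOG = """\
10.0.0.5 GET /api/v1/status 200 auth
10.0.0.5 POST /api/v1/users 201 auth
203.0.113.7 GET /login 200 noauth
203.0.113.7 POST /api/v1/users 201 noauth
203.0.113.7 PUT /api/v1/config 200 noauth
203.0.113.7 DELETE /api/v1/users/3 401 noauth
10.0.0.9 POST /static/upload 200 noauth
garbage line that does not parse
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauthenticated_admin_call(rec: dict) -> bool:
    """True when a state-changing REST call succeeded with no credentials.

    A 401/403 on the same path is the API doing its job; only a 2xx with
    no auth marker matches the bypass pattern the advisory describes."""
    return (
        rec["path"].startswith(REST_PREFIX)
        and rec["method"] in STATE_CHANGING
        and 200 <= rec["status"] < 300
        and rec["auth"] == "noauth"
    )


def find_suspicious(log_text: str) -> list[tuple[str, str, str]]:
    """Scan a log and return (client, method, path) for each hit, in order.
    Unparseable lines are skipped rather than raising."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unauthenticated_admin_call(rec):
            hits.append((rec["client"], rec["method"], rec["path"]))
    return hits


if __name__ == "__main__":
    for client, method, path in find_suspicious(SAMPLE_LOG):
        print(f"ALERT unauthenticated admin call: {client} {method} {path}")
```

Run against the constructed sample, the rule fires twice for 203.0.113.7 (the POST and PUT that returned 2xx with no credentials), ignores the DELETE the API correctly rejected with 401, and ignores the write outside the REST prefix. Because the product gives no way to disable the API, this kind of proxy-side visibility is the only compensating control until the fixed release is installed.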

CVSS provenance

Source         Version   Score   Severity   Vector
nvd            v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco   -         9.1     CRITICAL   -