CVE-2019-1940

CWE-310CWE-295Improper Certificate Validation4 documents4 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 70.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Industrial Network DirectorCisco Industrial Network Director
Timeline
PublishedJul 17
Latest updateMay 24

Description

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_industrial_network_directorunspecified1.7

🔴Vulnerability Details

2
GHSA
GHSA-c35r-wfp8-2j62: A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote2022-05-24
CVEList
Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability2019-07-17

📋Vendor Advisories

1
Cisco
Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability2019-07-17
CVE-2019-1940 (MEDIUM CVSS 5.9) | A vulnerability in the Web Services | cvebase.io