CVE-2019-1976

CWE-200Information Exposure4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 35.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco Industrial Network DirectorCisco Industrial Network DirectorCisco Network Level Service
Timeline
PublishedSep 5
Latest updateMay 24

Description

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about de

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco/cisco_industrial_network_directorunspecified1.6.0
NVDcisco/network_level_service1.6\(0.369\)

🔴Vulnerability Details

2
GHSA
GHSA-xjjh-6mhx-q6jr: A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker t2022-05-24
CVEList
Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability2019-09-05

📋Vendor Advisories

1
Cisco
Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability2019-09-04
CVE-2019-1976 (CRITICAL CVSS 9.8) | A vulnerability in the “plug-and-pl | cvebase.io