Vulnerability CVE-2019-1645


Published: 2019-01-24

Description:
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.

Type:
CWE-200 (Information Exposure)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 3.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.5/10

Exploit range: Adjacent network
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Cisco -> Connected mobile experiences 

 References:
http://www.securityfocus.com/bid/106701
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl

Copyright 2024, cxsecurity.com

 
