ID |
CVE-2019-1860
|
Summary |
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.0 (as of 17-05-2019 - 06:29) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-99 |
CAPEC |
-
Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
-
Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
-
Resource Injection
An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:N
|
refmap
via4
|
bid | 108354 | cisco | 20190515 Cisco Unified Intelligence Center Remote File Injection Vulnerability |
|
Last major update |
17-05-2019 - 06:29 |
Published |
16-05-2019 - 02:29 |
Last modified |
17-05-2019 - 06:29 |