cnvd - cnvd-2019-06588

cnvd-2019-06588

Vulnerability from cnvd

Title: Cisco Prime Infrastructure SSL证书验证安全绕过漏洞

Description:

Cisco Prime Infrastructure是一种网络管理工具，支持从一个图形界面对整个网络基础设施进行全生命周期管理。

Cisco Prime Infrastructure (PI)的身份服务引擎（ISE）集成特性存在SSL证书验证安全绕过漏洞。该漏洞源于程序未能正确地验证服务器SSL证书。远程攻击者可借助特制的SSL证书利用该漏洞实施中间人攻击，查看并修改敏感信息。

Severity: 中

Patch Name: Cisco Prime Infrastructure SSL证书验证安全绕过漏洞的补丁

Patch Description:

Cisco Prime Infrastructure是一种网络管理工具，支持从一个图形界面对整个网络基础设施进行全生命周期管理。

Cisco Prime Infrastructure (PI)的身份服务引擎（ISE）集成特性存在SSL证书验证安全绕过漏洞。该漏洞源于程序未能正确地验证服务器SSL证书。远程攻击者可借助特制的SSL证书利用该漏洞实施中间人攻击，查看并修改敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation

Impacted products

Name
Cisco Prime Infrastructure 3.5

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "107092"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1659"
    }
  },
  "description": "Cisco Prime Infrastructure\u662f\u4e00\u79cd\u7f51\u7edc\u7ba1\u7406\u5de5\u5177\uff0c\u652f\u6301\u4ece\u4e00\u4e2a\u56fe\u5f62\u754c\u9762\u5bf9\u6574\u4e2a\u7f51\u7edc\u57fa\u7840\u8bbe\u65bd\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\n\nCisco Prime Infrastructure (PI)\u7684\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff08ISE\uff09\u96c6\u6210\u7279\u6027\u5b58\u5728SSL\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u670d\u52a1\u5668SSL\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684SSL\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u67e5\u770b\u5e76\u4fee\u6539\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-06588",
  "openTime": "2019-03-08",
  "patchDescription": "Cisco Prime Infrastructure\u662f\u4e00\u79cd\u7f51\u7edc\u7ba1\u7406\u5de5\u5177\uff0c\u652f\u6301\u4ece\u4e00\u4e2a\u56fe\u5f62\u754c\u9762\u5bf9\u6574\u4e2a\u7f51\u7edc\u57fa\u7840\u8bbe\u65bd\u8fdb\u884c\u5168\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\r\n\r\nCisco Prime Infrastructure (PI)\u7684\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff08ISE\uff09\u96c6\u6210\u7279\u6027\u5b58\u5728SSL\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u670d\u52a1\u5668SSL\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684SSL\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u67e5\u770b\u5e76\u4fee\u6539\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Prime Infrastructure SSL\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Prime Infrastructure 3.5"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-21",
  "title": "Cisco Prime Infrastructure SSL\u8bc1\u4e66\u9a8c\u8bc1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2019-1659 (GCVE-0-2019-1659)

Vulnerability from cvelistv5

Published

2019-02-21 15:00

Modified

2024-11-20 17:27

Severity ?

7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295

Summary

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/107092	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Prime Infrastructure	Version: next of 2.2 < unspecified Version: unspecified < 3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190220 Cisco Prime Infrastructure Certificate Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation"
          },
          {
            "name": "107092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107092"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:55:59.177965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:27:58.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "next of 2.2",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-22T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190220 Cisco Prime Infrastructure Certificate Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation"
        },
        {
          "name": "107092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107092"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190220-prime-validation",
        "defect": [
          [
            "CSCvj87015"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure Certificate Validation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
          "ID": "CVE-2019-1659",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Prime Infrastructure Certificate Validation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Prime Infrastructure",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e",
                            "version_affected": "\u003e",
                            "version_value": "2.2"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The vulnerability is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this vulnerability by using a crafted SSL certificate and could then intercept communications between the ISE and PI. A successful exploit could allow the attacker to view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network. This vulnerability affects Cisco Prime Infrastructure Software Releases 2.2 through 3.4.0 when the PI server is integrated with ISE, which is disabled by default."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190220 Cisco Prime Infrastructure Certificate Validation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation"
            },
            {
              "name": "107092",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107092"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190220-prime-validation",
          "defect": [
            [
              "CSCvj87015"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1659",
    "datePublished": "2019-02-21T15:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-20T17:27:58.808Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted