CVE-2019-1692 – Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2019-1692

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device. Una vulnerabilidad en la interfaz de administración basada en web del software Cisco Application Policy Infrastructure Controller (APIC) de Cisco, podría permitir que un atacante remoto no identificado acceda a la información confidencial acerca del uso del sistema. • http://www.securityfocus.com/bid/108155 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-apic-info-disc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •