CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1940 – Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1940
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. • http://www.securityfocus.com/bid/109296 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1881 – Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1881
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. • https://github.com/Shadawks/Strapi-CVE-2019-1881 http://www.securityfocus.com/bid/108678 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1882 – Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1882
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks. Una vulnerabilidad en Cisco Industrial Network Director podría permitir a un atacante remoto identificado dirigir ataques de tipo cross-site scripting (XSS) almacenados. • http://www.securityfocus.com/bid/108629 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1861 – Cisco Industrial Network Director Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1861
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Una vulnerabilidad en la función de actualización del software Industrial Network Director de Cisco, podría permitir a un atacante remoto identificado ejecutar código arbitrario. • http://www.securityfocus.com/bid/108622 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15392 – Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15392
A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition. Una vulnerabilidad en el servicio DHCP de Cisco Industrial Network Director podría permitir que un atacante adyacente no autenticado provoque una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos • CWE-399: Resource Management Errors •