CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1940 – Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1940
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. • http://www.securityfocus.com/bid/109296 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1861 – Cisco Industrial Network Director Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1861
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Una vulnerabilidad en la función de actualización del software Industrial Network Director de Cisco, podría permitir a un atacante remoto identificado ejecutar código arbitrario. • http://www.securityfocus.com/bid/108622 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15392 – Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15392
A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition. Una vulnerabilidad en el servicio DHCP de Cisco Industrial Network Director podría permitir que un atacante adyacente no autenticado provoque una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6675
https://notcve.org/view.php?id=CVE-2017-6675
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). Una vulnerabilidad en la interfaz web de Cisco Industrial Network Director podría permitir que un atacante remoto no autenticado lleve a cabo un ataque cross-site scripting (XSS) contra un sistema afectado. Más información: CSCvd25405. • http://www.securityfocus.com/bid/98962 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •