CVE-2019-1881
Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors.
Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Industrial Network Director (IND) podría permitir a un atacante remoto no autorizado realizar un ataque de falsificación de solicitudes entre sitios (CSRF) y realizar acciones arbitrarias en un dispositivo afectado. La vulnerabilidad se debe a las insuficientes protecciones CSRF para la interfaz de administración basada en web del dispositivo afectado. Un atacante podría aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que siga un enlace malicioso. Una operación con éxito podría permitir al atacante utilizar un navegador web y los privilegios del usuario para realizar acciones arbitrarias en un dispositivo afectado. Para obtener más información sobre los ataques CSRF y las posibles mitigaciones, consulte Descripción de vectores de amenazas de falsificación de solicitudes entre sitios.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2018-12-06 CVE Reserved
- 2019-06-05 CVE Published
- 2021-10-12 First Exploit
- 2024-10-26 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/108678 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/Shadawks/Strapi-CVE-2019-1881 | 2021-10-12 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-csrf | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Industrial Network Director Search vendor "Cisco" for product "Industrial Network Director" | 1.5\(0.250\) Search vendor "Cisco" for product "Industrial Network Director" and version "1.5\(0.250\)" | - |
Affected
|