Details of VAR-201907-0861

ID

VAR-201907-0861

CVE

CVE-2019-1919

TITLE

Cisco FindIT Network Manager and Network Probe Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-007073

DESCRIPTION

A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable. An attacker with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvo93538

Trust: 2.52

sources: NVD: CVE-2019-1919 // JVNDB: JVNDB-2019-007073 // CNVD: CNVD-2019-39702 // BID: 109305 // VULHUB: VHN-151611

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-39702

AFFECTED PRODUCTS

vendor:	cisco	model:	findit network manager	scope:	eq	version:	1.1.4	Trust: 2.7
vendor:	cisco	model:	findit network probe	scope:	eq	version:	1.1.4	Trust: 2.1
vendor:	cisco	model:	findit network management software	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	cisco	model:	findit network management software	scope:	ne	version:	2.0	Trust: 0.3

sources: CNVD: CNVD-2019-39702 // BID: 109305 // JVNDB: JVNDB-2019-007073 // NVD: CVE-2019-1919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1919
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1919
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1919
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-39702
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-1022
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151611
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1919
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-39702
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-151611
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1919
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1919
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2019-39702 // VULHUB: VHN-151611 // JVNDB: JVNDB-2019-007073 // CNNVD: CNNVD-201907-1022 // NVD: CVE-2019-1919 // NVD: CVE-2019-1919

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-151611 // JVNDB: JVNDB-2019-007073 // NVD: CVE-2019-1919

THREAT TYPE

local

Trust: 0.9

sources: BID: 109305 // CNNVD: CNNVD-201907-1022

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1022

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007073

PATCH

title:	cisco-sa-20190717-cfnm-statcred	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred	Trust: 0.8
title:	Patch for Cisco FindIT Network Manager Static Credential Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/189179	Trust: 0.6
title:	Cisco FindIT Network Management Software Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95306	Trust: 0.6

sources: CNVD: CNVD-2019-39702 // JVNDB: JVNDB-2019-007073 // CNNVD: CNNVD-201907-1022

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1919	Trust: 3.4
db:	BID	id:	109305	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-007073	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1022	Trust: 0.7
db:	CNVD	id:	CNVD-2019-39702	Trust: 0.6
db:	NSFOCUS	id:	43835	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2675	Trust: 0.6
db:	VULHUB	id:	VHN-151611	Trust: 0.1

sources: CNVD: CNVD-2019-39702 // VULHUB: VHN-151611 // BID: 109305 // JVNDB: JVNDB-2019-007073 // CNNVD: CNNVD-201907-1022 // NVD: CVE-2019-1919

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190717-cfnm-statcred	Trust: 2.6
url:	http://www.securityfocus.com/bid/109305	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1919	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1919	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/43835	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2675/	Trust: 0.6

sources: CNVD: CNVD-2019-39702 // VULHUB: VHN-151611 // BID: 109305 // JVNDB: JVNDB-2019-007073 // CNNVD: CNNVD-201907-1022 // NVD: CVE-2019-1919

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109305

SOURCES

db:	CNVD	id:	CNVD-2019-39702
db:	VULHUB	id:	VHN-151611
db:	BID	id:	109305
db:	JVNDB	id:	JVNDB-2019-007073
db:	CNNVD	id:	CNNVD-201907-1022
db:	NVD	id:	CVE-2019-1919

LAST UPDATE DATE

2024-11-23T23:01:48.018000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-39702	date:	2019-11-08T00:00:00
db:	VULHUB	id:	VHN-151611	date:	2019-10-09T00:00:00
db:	BID	id:	109305	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-007073	date:	2019-07-31T00:00:00
db:	CNNVD	id:	CNNVD-201907-1022	date:	2019-08-15T00:00:00
db:	NVD	id:	CVE-2019-1919	date:	2024-11-21T04:37:41.190

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-39702	date:	2019-11-08T00:00:00
db:	VULHUB	id:	VHN-151611	date:	2019-07-17T00:00:00
db:	BID	id:	109305	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-007073	date:	2019-07-31T00:00:00
db:	CNNVD	id:	CNNVD-201907-1022	date:	2019-07-17T00:00:00
db:	NVD	id:	CVE-2019-1919	date:	2019-07-17T21:15:12.030