ID

VAR-202009-0488


CVE

CVE-2019-16004


TITLE

Lack of authentication for critical features vulnerability in Cisco Vision Dynamic Signage Director

Trust: 0.8

sources: JVNDB: JVNDB-2019-016014

DESCRIPTION

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

Trust: 1.71

sources: NVD: CVE-2019-16004 // JVNDB: JVNDB-2019-016014 // VULHUB: VHN-148107

AFFECTED PRODUCTS

vendor: cisco, model: vision dynamic signage director, scope: lt, version: 6.2.0

Trust: 1.0

vendor: cisco, model: vision dynamic signage director, scope: eq, version: 6.2.0

Trust: 1.0

vendor: Cisco Systems, model: cisco vision dynamic signage director, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016014 // NVD: CVE-2019-16004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16004
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-16004
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16004
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-239
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148107
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16004
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148107
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-16004
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-16004
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-148107 // JVNDB: JVNDB-2019-016014 // CNNVD: CNNVD-202001-239 // NVD: CVE-2019-16004 // NVD: CVE-2019-16004

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.1

problemtype: Lack of authentication for important features (CWE-306) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-148107 // JVNDB: JVNDB-2019-016014 // NVD: CVE-2019-16004

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-239

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202001-239

PATCH

title: cisco-sa-20200108-vdsd-auth-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass

Trust: 0.8

title: Cisco Vision Dynamic Signage Director Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106586

Trust: 0.6

sources: JVNDB: JVNDB-2019-016014 // CNNVD: CNNVD-202001-239

EXTERNAL IDS

db: NVD, id: CVE-2019-16004

Trust: 2.5

db: JVNDB, id: JVNDB-2019-016014

Trust: 0.8

db: CNNVD, id: CNNVD-202001-239

Trust: 0.7

db: AUSCERT, id: ESB-2020.0093

Trust: 0.6

db: CNVD, id: CNVD-2020-03724

Trust: 0.1

db: VULHUB, id: VHN-148107

Trust: 0.1

sources: VULHUB: VHN-148107 // JVNDB: JVNDB-2019-016014 // CNNVD: CNNVD-202001-239 // NVD: CVE-2019-16004

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200108-vdsd-auth-bypass

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2019-16004

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.0093/

Trust: 0.6

sources: VULHUB: VHN-148107 // JVNDB: JVNDB-2019-016014 // CNNVD: CNNVD-202001-239 // NVD: CVE-2019-16004

SOURCES

db: VULHUB, id: VHN-148107
db: JVNDB, id: JVNDB-2019-016014
db: CNNVD, id: CNNVD-202001-239
db: NVD, id: CVE-2019-16004

LAST UPDATE DATE

2024-11-23T22:05:27.602000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148107, date: 2020-09-28T00:00:00
db: JVNDB, id: JVNDB-2019-016014, date: 2021-04-05T09:07:00
db: CNNVD, id: CNNVD-202001-239, date: 2020-09-29T00:00:00
db: NVD, id: CVE-2019-16004, date: 2024-11-21T04:29:54.840

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148107, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2019-016014, date: 2021-04-05T00:00:00
db: CNNVD, id: CNNVD-202001-239, date: 2020-01-08T00:00:00
db: NVD, id: CVE-2019-16004, date: 2020-09-23T01:15:13.537