CVE-2019-1976

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

Published : 2019-09-05 02:15 Updated : 2019-10-09 23:48

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Cisco Network Level Service 1.6%280.369%29 cpe:/a:cisco:network_level_service:1.6%280.369%29
  1. Cisco (1) Search CVE
    1. Network Level Service (1) Search CVE
      1. 1.6%280.369%29

CWE

ID Name Description Links
CWE-255 Credentials Management Weaknesses in this category are related to the management of credentials. CVE

History of changes

Date Event
2019-09-06 17:47
2019-09-05 02:15

New CVE