Vulnerability Details : CVE-2019-1645
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.
Vulnerability category: Information leak
Products affected by CVE-2019-1645
- cpe:2.3:a:cisco:connected_mobile_experiences:10.2\(1.0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1645
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-1645
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N | 6.5 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | Cisco Systems, Inc. | |
CWE ids for CVE-2019-1645
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by:
  - nvd@nist.gov (Primary)
  - ykramarz@cisco.com (Secondary)
References for CVE-2019-1645
- http://www.securityfocus.com/bid/106701
  Cisco Connected Mobile Experiences CVE-2019-1645 Information Disclosure Vulnerability (Third Party Advisory)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl
  Cisco Connected Mobile Experiences Information Disclosure Vulnerability (Vendor Advisory)