CVE-2019-1717
Description
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.842
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability For Cisco Video Surveillance Manager | NCM |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2019-1717) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234