CVE-2019-1906 Information
Feb 14, 2021
cve
Description
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated remote attacker to change the virtual domain configuration which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Reference
http://www.securityfocus.com/bid/108855 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-prime-privescal
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
6.5
Share on: