Vulnerabilities > CVE-2019-1976 - Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

NVD

Published: 2019-09-05

Updated: 2020-10-16

Summary

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Industrial Network Director 1.1\(0.176\) Cisco Industrial Network Director 1.5\(0.250\) Cisco Network Level Service 1.6\(0.369\)	3

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind