6.5
CVE-2019-16004
- EPSS 0.25%
- Published 23.09.2020 01:15:13
- Last modified 21.11.2024 04:29:54
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Vision Dynamic Signage Director Version < 6.2.0
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Update-
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.45 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| psirt@cisco.com | 6.5 | 3.9 | 2.5 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.