SB2019012414 - Information disclosure in Cisco Mobility Services Engine
Published: January 24, 2019
Security Bulletin ID: SB2019012414
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Information disclosure
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2019-1645)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The vulnerability exists due to a lack of input and validation checking mechanisms for certain GET requests to APIs. An adjacent attacker can send HTTP GET requests to obtain arbitrary data and use this information to conduct additional reconnaissance attacks.
Remediation
Install the update from the vendor's website.