#VU17840 Man-in-the-Middle (MitM) attack in Cisco Prime Infrastructure - CVE-2019-1659

Cybersecurity Help s.r.o.

Published: 2019-02-22

Vulnerability identifier: #VU17840

Vulnerability risk: Low

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-1659

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Prime Infrastructure
Server applications / Remote management servers, RDP, SSH

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote attacker to conduct man-in-the-middle attack.

The vulnerability exists in the Identity Services Engine (ISE) integration feature due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. A remote attacker can use a specially crafted SSL certificate, intercept communications between the ISE and PI and view and alter potentially sensitive information that the ISE maintains about clients that are connected to the network.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Prime Infrastructure: 3.5.0.0

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-prime-validation

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Man-in-the-middle attack in Cisco Prime Infrastructure