CVE-2019-1692
low-risk
Published 2019-05-03
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.
Do I need to act?
0.31% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10
Medium
NETWORK / LOW complexity
Affected Products (2)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/108155
29 / 100 · low-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
7/34 · Low