CVE-2019-1819 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-1819 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.

EPSS 10.72% · 93.3th percentile

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

10.72%

93.3th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Prime Infrastructure	3.4
cisco	evolved_programmable_network_manager	0
cisco	prime_infrastructure	0

Timeline

May 15, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability vendor-advisory
108351 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1819 advisory

Open in Interactive Console →