CVE-2019-1841 — Vulnetix

CVE-2019-1841 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.

EPSS 1.15% · 78.9th percentile

Risk Scores

CVSS 2.0

5.5

EPSS Score

1.15%

78.9th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Digital Network Architecture Center (DNA Center)	unspecified
cisco	catalyst_center	0

Exploit Intelligence

20190417 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability (circl)
108084 (circl)

Timeline

Apr 18, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

20190417 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability vendor-advisory
108084 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1841 advisory

Open in Interactive Console →