CVE-2019-1854
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.
EPSS 0.05% · 15.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | telepresence_video_communication_server | x8.11.4 |
| Cisco | Cisco Expressway | unspecified |
Exploit Intelligence
- 20190501 Cisco Expressway Series Directory Traversal Vulnerability (circl)
- 108154 (circl)
- 20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway (circl)
- 20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway (circl)
- http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html (circl)
- Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability (0day-today)
- Cisco Expressway Gateway 11.5.1 Directory Traversal Vulnerability (0day-today)
Timeline
- May 1, 2019 CVE Published
- May 21, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- 20190501 Cisco Expressway Series Directory Traversal Vulnerability vendor-advisory
- 108154 vdb
- 20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway mailing-list
- 20190517 [RT-SA-2019-002] Directory Traversal in Cisco Expressway Gateway mailing-list
- http://packetstormsecurity.com/files/152963/Cisco-Expressway-Gateway-11.5.1-Directory-Traversal.html url
- https://nvd.nist.gov/vuln/detail/CVE-2019-1854 advisory