vulnerability

Cisco TelePresence: Cisco Expressway Series Directory Traversal Vulnerability (CVE-2019-1854)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	May 3, 2019	Jul 9, 2019	Nov 2, 2022

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

May 3, 2019

Added

Jul 9, 2019

Modified

Nov 2, 2022

Description

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.

Solution

cisco-telepresence-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today