CVE-2019-16004

CVE Database · CVE-2019-16004

CVE-2019-16004

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.03%

Published

Sep 22, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (3)

cisco · vision_dynamic_signage_director (up to 6.2.0)vulnerable

cisco · vision_dynamic_signage_directorvulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs