What is CVE-2019-1688?

CVE-2019-1688 is a vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) that could allow unauthorized access or cause a Denial of Service (DoS) condition.

How can an attacker exploit CVE-2019-1688?

An unauthenticated, local attacker can exploit CVE-2019-1688 by exploiting a fault in the password management system of Cisco NAE.

What is the severity of CVE-2019-1688?

CVE-2019-1688 has a severity rating of 7.1, which is considered high.

What software is affected by CVE-2019-1688?

Cisco Network Assurance Engine (NAE) version 3.0(1) is affected by CVE-2019-1688.

How can I fix the vulnerability described in CVE-2019-1688?

To fix the vulnerability described in CVE-2019-1688, Cisco recommends upgrading to a fixed software release.

Vulnerability/
CVE-2019-1688

high

7.7

CWE

798

12/2/2019

21/11/2024

CVE-2019-1688: Cisco Network Assurance Engine CLI Access with Default Password Vulnerability

First published: Tue Feb 12 2019(Updated: )

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Network Assurance Engine	=3.0\(1\)
	=3.0\(1\)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-1688?
CVE-2019-1688 is a vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) that could allow unauthorized access or cause a Denial of Service (DoS) condition.
How can an attacker exploit CVE-2019-1688?
An unauthenticated, local attacker can exploit CVE-2019-1688 by exploiting a fault in the password management system of Cisco NAE.
What is the severity of CVE-2019-1688?
CVE-2019-1688 has a severity rating of 7.1, which is considered high.
What software is affected by CVE-2019-1688?
Cisco Network Assurance Engine (NAE) version 3.0(1) is affected by CVE-2019-1688.
How can I fix the vulnerability described in CVE-2019-1688?
To fix the vulnerability described in CVE-2019-1688, Cisco recommends upgrading to a fixed software release.

collector/nvd-index
agent/type
agent/references
agent/title
agent/weakness
agent/severity
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/softwarecombine
agent/tags
agent/event
vendor/cisco
canonical/cisco network assurance engine
version/cisco network assurance engine/3.0\(1\)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.