First published: Wed May 15 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Video Surveillance Manager | =7.21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1717 is a vulnerability in the web-based management interface of Cisco Video Surveillance Manager that could allow an unauthenticated, remote attacker to access sensitive information.
The severity of CVE-2019-1717 is high with a CVSS score of 7.5.
An attacker can exploit CVE-2019-1717 by accessing the web-based management interface and exploiting the improper validation of parameters to gain unauthorized access to sensitive information.
Cisco Video Surveillance Manager version 7.21 is affected by CVE-2019-1717.
More information about CVE-2019-1717 can be found at the following references: [http://www.securityfocus.com/bid/108336](http://www.securityfocus.com/bid/108336) and [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm).