CVE-2019-1645

MEDIUM

Cisco Connected Mobile Experiences - Unauthenticated Exposure of Sensitive Information via API GET Requests

Title source: llm

Description

A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to APIs on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.

References (2)

Core References
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106701

Scores

CVSS v3 4.3
EPSS 0.0052
EPSS Percentile 40.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (1)
cisco/connected_mobile_experiences 10.2(1.0)
Published Jan 24, 2019
Tracked Since Feb 18, 2026