CVE-2019-1645
MEDIUMCisco Connected Mobile Experiences - Unauthenticated Exposure of Sensitive Information via API GET Requests
Title source: llmDescription
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks.
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106701
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl
Scores
CVSS v3
4.3
EPSS
0.0052
EPSS Percentile
40.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
cisco/connected_mobile_experiences
10.2\(1.0\)
Published
Jan 24, 2019
Tracked Since
Feb 18, 2026