CVE-2019-1917
CRITICAL
Cisco Vision Dynamic Signage Director - Unauthenticated Authentication Bypass via REST API
Title source: llm
Description
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled.
References (2)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109301
Scores
CVSS v3: 9.1
EPSS: 0.0534
EPSS Percentile: 91.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (3)
cisco/vision_dynamic_signage_director: 5.0 sp1 (8 CPE variants)
cisco/vision_dynamic_signage_director: 6.1 sp1 (2 CPE variants)
cisco/vision_dynamic_signage_director: < 5.0
Published: Jul 17, 2019
Tracked Since: Feb 18, 2026