Platform
cisco
Component
cisco-vision-dynamic-signage-director
Fixed in
6.1sp3
CVE-2019-1917 is an authentication bypass vulnerability in the REST API of Cisco Vision Dynamic Signage Director, affecting releases prior to 6.1sp3. An unauthenticated, remote attacker can exploit it by sending a crafted HTTP request to an affected system; a successful exploit lets the attacker execute arbitrary actions with administrative privileges. The root cause is insufficient validation of HTTP requests in the REST API interface. Cisco fixed the flaw in release 6.1sp3.
The impact of CVE-2019-1917 is severe. No credentials, prior access, or user interaction are required, and a successful exploit grants the attacker administrative privileges on the affected Cisco Vision Dynamic Signage Director system: modifying the system configuration, reading sensitive data, or taking complete control of the appliance. From that position an attacker could pivot to other systems on the network, turning a single exposed signage controller into a broader compromise. The REST API is enabled by default, so a default installation exposes the vulnerable interface without any additional configuration.
CVE-2019-1917 was publicly disclosed on July 17, 2019. No active exploitation campaigns have been definitively linked to this CVE, but its Critical severity rating and low attack complexity (a single unauthenticated HTTP request) make it an attractive target. It is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of bypassing authentication and gaining administrative access.
Exploit Status
EPSS
14.37% (94th percentile)
CVSS Vector
The primary mitigation for CVE-2019-1917 is to upgrade Cisco Vision Dynamic Signage Director to version 6.1sp3 or later. If an immediate upgrade is not possible, reduce exposure in the meantime: place the system on a segmented management network, and restrict reachability of the REST API (and the management interface generally) with firewall rules or ACLs to a small allowlist of trusted management hosts. Monitor REST API traffic for requests from sources outside that allowlist and for successful (2xx) API responses to requests that carry no session or credentials, since a bypass of this kind leaves exactly that pattern. No vendor-supplied WAF rules exist for this CVE; generic rules that reject unauthenticated requests to the REST API endpoints can offer some protection, but they should be treated as a stopgap rather than a fix, because the crafted request Cisco describes is not publicly characterized in enough detail to build a precise signature. After upgrading, confirm the fix rather than only the version string: send an unauthenticated request to a REST API endpoint and verify that it is rejected (HTTP 401/403 or a redirect to the login page), then verify that authenticated administrative access and normal REST API operation still work.
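The post-upgrade check described above, as an added example for this page (it is not Cisco's code). The REST API paths in PROBE_PATHS are placeholders, not paths taken from Cisco documentation; replace them with endpoints your Dynamic Signage Director actually serves. The transport is injectable so the verdict logic can be exercised offline against constructed responses.

```python
"""Post-upgrade verification for CVE-2019-1917: confirm that the REST API
rejects requests that carry no credentials.

Added example, not Cisco's code. PROBE_PATHS are assumed placeholder paths.
"""
import json
import ssl
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# Assumed endpoint paths (placeholders); adjust to your deployment.
PROBE_PATHS: List[str] = ["/api/v1/config", "/api/v1/users"]

# A transport performs a credential-less GET and returns (status, body).
Transport = Callable[[str], Tuple[int, str]]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 3xx: a redirect to the login page is itself the
    evidence we want, and following it would turn it into a misleading 200."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_get_unauthenticated(url: str, cafile: Optional[str] = None,
                             timeout: float = 5.0) -> Tuple[int, str]:
    """GET with no Authorization header and no cookies. urllib raises
    HTTPError for 3xx/4xx/5xx; convert that into a plain (status, body)."""
    ctx = ssl.create_default_context(cafile=cafile)  # keep cert verification on
    opener = urllib.request.build_opener(
        _NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def classify(status: int, body: str) -> str:
    """Interpret one unauthenticated probe.

    REJECTED - 401/403, or a redirect (typically to the login page)
    EXPOSED  - 2xx carrying JSON: the API answered without credentials
    UNKNOWN  - anything else (5xx, non-JSON 200 such as a rendered login
               page, empty body); inspect manually
    """
    if status in (401, 403) or 300 <= status < 400:
        return "REJECTED"
    if 200 <= status < 300:
        try:
            json.loads(body)
            return "EXPOSED"
        except ValueError:
            return "UNKNOWN"
    return "UNKNOWN"


def check_host(base_url: str, paths: List[str],
               transport: Transport = http_get_unauthenticated) -> Dict[str, str]:
    """Probe each path without credentials and return path -> verdict."""
    return {p: classify(*transport(base_url.rstrip("/") + p)) for p in paths}


def is_patched(results: Dict[str, str]) -> bool:
    """True only when every probe was rejected. A single EXPOSED result means
    the bypass condition is present; UNKNOWN needs a human look."""
    return bool(results) and all(v == "REJECTED" for v in results.values())


if __name__ == "__main__":
    # usage: python check_cve_2019_1917.py https://director.example [ca.pem]
    base = sys.argv[1]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    verdicts = check_host(base, PROBE_PATHS,
                          transport=lambda u: http_get_unauthenticated(u, ca))
    for path, verdict in verdicts.items():
        print(f"{verdict:8} {path}")
    sys.exit(0 if is_patched(verdicts) else 1)
```

Pass the appliance's CA certificate as the second argument rather than disabling TLS verification; a check that can be intercepted proves little. A run of REJECTED verdicts is good evidence that authentication is enforced on those paths and that any network restriction in front of the API is actually in effect, but it does not prove the absence of the bypass, since Cisco describes the trigger only as a crafted HTTP request. Treat the installed release (6.1sp3 or later) as the authoritative indicator and use this check for regression testing.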
Upgrade Cisco Vision Dynamic Signage Director to version 6.1sp3 or later. This update fixes the authentication bypass vulnerability in the REST API.
CVE-2019-1917 is a critical vulnerability in Cisco Vision Dynamic Signage Director (releases prior to 6.1sp3) that allows an unauthenticated, remote attacker to bypass authentication on the REST API and execute arbitrary actions with administrative privileges.
You are affected if you are running a Cisco Vision Dynamic Signage Director release earlier than 6.1sp3 with the REST API enabled, which is the default configuration.
Upgrade Cisco Vision Dynamic Signage Director to version 6.1sp3 or later. If an immediate upgrade is not possible, segment the system onto a restricted management network and limit REST API reachability to trusted hosts until it can be patched.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a potential target.
Refer to the official Cisco Security Advisory for CVE-2019-1917: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vision-auth-bypass-190717