Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability
Platform
cisco
Component
cisco-vision-dynamic-signage-director
Fixed in
6.1sp3
CVE-2019-1917 describes an authentication bypass vulnerability affecting Cisco Vision Dynamic Signage Director versions up to 6.1sp3. This flaw allows an unauthenticated, remote attacker to bypass authentication and potentially gain administrative control over the system. The vulnerability stems from insufficient validation of HTTP requests within the REST API interface, and a patch is available in version 6.1sp3.
Impact and Attack Scenarios
The impact of CVE-2019-1917 is severe. A successful exploit allows an attacker to execute arbitrary actions with administrative privileges on the affected Cisco Vision Dynamic Signage Director system. This could include modifying system configurations, accessing sensitive data, or even taking complete control of the device. Given the administrative privileges granted, an attacker could potentially pivot to other systems on the network, leading to a broader compromise. The REST API is enabled by default, increasing the attack surface and making exploitation easier.
Exploitation Context
CVE-2019-1917 was publicly disclosed on July 17, 2019. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity and ease of exploitation make it a potential target. It is not currently listed on CISA KEV. Public proof-of-concept exploits are available, demonstrating the feasibility of bypassing authentication and gaining administrative access.
Who Is at Risk
Organizations utilizing Cisco Vision Dynamic Signage Director for digital signage deployments are at risk, particularly those running versions prior to 6.1sp3. Environments with exposed REST APIs or lacking robust network segmentation are especially vulnerable. Shared hosting environments where multiple tenants share the same infrastructure could also be impacted if the Director is deployed in a multi-tenant configuration.
Detection Steps
• cisco: Use Cisco's security advisory to identify affected devices. Check the running version from the CLI with show version. Monitor REST API logs for unusual authentication attempts or unauthorized access.
• generic web: Monitor access logs for requests to the REST API endpoints that carry no valid authentication headers. Use curl to check whether the API answers without credentials: curl -v -X GET <director_ip>/api/v1/system/status (an unpatched system returns 200 OK without authentication; a patched one should reject the request).
• linux / server: Monitor system logs for unusual activity related to the Cisco Vision Dynamic Signage Director process. Use journalctl -u vision-director to review its logs.
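One way to act on the access-log advice above, as an added example that is not from this page or from Cisco: it parses constructed combined-format access-log lines (whether the Director's web tier logs in this layout is an assumption to verify) and flags REST API requests answered with 2xx from hosts outside an assumed management allowlist.

```python
"""Flag successful REST API requests from non-allowlisted sources (added example)."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: Apache/Nginx combined log format. Adjust LOG_RE for the real log layout.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed allowlist: the only hosts expected to call the REST API.
TRUSTED = [ip_network("10.0.5.0/24")]

def is_trusted(src: str) -> bool:
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED)

def flag_api_hits(lines, api_prefix="/api/"):
    """Return (src, method, path, status) for REST API requests answered with 2xx
    although the caller is not allowlisted. Rejections (401/403) are ignored."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash
        path, status = m["path"], int(m["status"])
        if path.startswith(api_prefix) and 200 <= status < 300 and not is_trusted(m["src"]):
            hits.append((m["src"], m["method"], path, status))
    return hits

def hits_by_source(lines) -> Counter:
    """Count flagged REST API hits per source address."""
    return Counter(hit[0] for hit in flag_api_hits(lines))

# Constructed sample lines for demonstration; not real Director output.
SAMPLE = [
    '10.0.5.20 - - [17/Jul/2019:10:00:01 +0000] "GET /api/v1/system/status HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jul/2019:10:00:05 +0000] "GET /api/v1/system/status HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jul/2019:10:00:07 +0000] "POST /api/v1/config HTTP/1.1" 200 88',
    '198.51.100.4 - - [17/Jul/2019:10:00:09 +0000] "GET /api/v1/system/status HTTP/1.1" 401 0',
    '203.0.113.9 - - [17/Jul/2019:10:00:11 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, count in hits_by_source(SAMPLE).items():
        print(f"{src}: {count} successful REST API request(s) from outside the allowlist")
```

Successful API calls from a non-allowlisted address on a system that has not yet been upgraded to 6.1sp3 warrant immediate investigation.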
Threat Intelligence
EPSS: 14.37% (94th percentile)
CVSS Vector
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions required; reliably exploitable.
- Privileges Required: None. Unauthenticated; no credentials are needed to exploit.
- User Interaction: None. The attack is automatic and silent; the victim does nothing.
- Scope: Unchanged. Impact is limited to the vulnerable component.
- Confidentiality: High. Total loss of confidentiality; the attacker can read all data.
- Integrity: High. The attacker can write, modify or delete all data.
- Availability: None. No impact on availability.
Mitigation and Workarounds
The primary mitigation for CVE-2019-1917 is to upgrade Cisco Vision Dynamic Signage Director to version 6.1sp3 or later. If immediate upgrade is not possible, consider implementing strict network segmentation to isolate the affected system. Review and restrict access to the REST API, limiting it to trusted sources. Monitor REST API traffic for suspicious activity. While no specific WAF rules are provided, generic rules to block unauthorized access attempts to the REST API endpoints could offer some protection. After upgrade, confirm functionality by verifying administrative access and ensuring the REST API operates as expected.
How to fix
Update Cisco Vision Dynamic Signage Director to version 6.1sp3 or later. This update fixes the authentication bypass vulnerability in the REST API.
Frequently Asked Questions
What is CVE-2019-1917 — Authentication Bypass in Cisco Vision Director?
CVE-2019-1917 is a critical vulnerability in Cisco Vision Dynamic Signage Director (versions ≤6.1sp3) that allows an unauthenticated attacker to bypass authentication and gain administrative privileges.
Am I affected by CVE-2019-1917 in Cisco Vision Director?
You are affected if you are running Cisco Vision Dynamic Signage Director versions prior to 6.1sp3 and have not applied the security patch.
How do I fix CVE-2019-1917 in Cisco Vision Director?
Upgrade Cisco Vision Dynamic Signage Director to version 6.1sp3 or later to mitigate the vulnerability. If immediate upgrade is not possible, implement network segmentation and restrict REST API access.
Is CVE-2019-1917 being actively exploited?
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a potential target.
Where can I find the official Cisco advisory for CVE-2019-1917?
Refer to the official Cisco Security Advisory for CVE-2019-1917: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vision-auth-bypass-190717