August 8, 2019
Severity
Medium
Analysis Summary
The vulnerability is due to an insufficient authentication mechanism used to establish a VNC session. An attacker could exploit this vulnerability by intercepting an administrator VNC session request prior to login. A successful exploit could allow the attacker to watch the administrator console session or interact with it, allowing admin access to the affected device.
Impact
- Authentication bypass
- Session interception
Affected Vendors
Cisco
Affected Products
Cisco Enterprise NFV Infrastructure Software releases earlier than 3.12.1.
Remediation
Please see the vendor’s advisory for more details.