Rewterz Threat Advisory – Cisco Webex Teams Logging Feature Command Execution Vulnerability
September 5, 2019Rewterz Threat Advisory – CVE-2019-13517 – BD Pyxis Privilege Access Vulnerability
September 6, 2019Rewterz Threat Advisory – Cisco Webex Teams Logging Feature Command Execution Vulnerability
September 5, 2019Rewterz Threat Advisory – CVE-2019-13517 – BD Pyxis Privilege Access Vulnerability
September 6, 2019Severity
High
Analysis Summary
The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.
Impact
Exposure of sensitive information
Affected Vendors
Cisco
Affected Products
Cisco Industrial Network Director (IND)
Remediation
Please see vendor’s advisory for more details
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind