Vulnerability Description
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine | 2.2\(0.470\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108356Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108356Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1851?
CVE-2019-1851 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the In...
How severe is CVE-2019-1851?
CVE-2019-1851 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1851?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine.