CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-1794

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.8%

CVSS Severity

CVSS v3 Score 5.1

CVSS v2 Score 3.6

References

http://www.securityfocus.com/bid/108032
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack
http://www.securityfocus.com/bid/108032
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack

Products affected by CVE-2019-1794

Cisco » Meeting Server » Version: 2.2

cpe:2.3:a:cisco:meeting_server:2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1794

Products

Pricing

Contact Us