What is CVE-2019-1851?

CVE-2019-1851 is a medium-severity vulnerability in Cisco Identity Services Engine Software, classified under Improper Authorization. CVSS score: 6.8/10. Published 2019-05-16.

How severe is CVE-2019-1851?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Auth bypass in Cisco Identity Services Engine Software

CVE-2019-1851

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Servi…

EPSS: 0.001 (30.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N.

Affected products

Cisco Identity Services Engine Software — versions unspecified

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

20190515 Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability (vendor-advisory, x_refsource_CISCO)
108356 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-1851?: CVE-2019-1851 is a medium-severity vulnerability in Cisco Identity Services Engine Software, classified under Improper Authorization. CVSS score: 6.8/10. Published 2019-05-16.
How severe is CVE-2019-1851?: Medium severity. CVSS v3 base score is 6.8 out of 10.