{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:33:09.427","vulnerabilities":[{"cve":{"id":"CVE-2019-1841","sourceIdentifier":"psirt@cisco.com","published":"2019-04-18T02:29:06.123","lastModified":"2025-07-23T15:26:38.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad Software Image Management de Cisco DNA Center podría permitir a un atacante remoto autenticado acceder a los servicios internos sin necesidad de autenticación adicional. La vulnerabilidad se debe a la insuficiente validación de las entradas suministradas por el usuario. Un atacante podría explotar esta vulnerabilidad enviando peticiones HTTP arbitrarias a servicios internos. Un exploit podría permitir al atacante eludir cualquier firewall u otras protecciones para acceder a servicios internos no autorizados. Las versiones de DNAC anteriores a la 1.2.5 están afectadas."}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-441"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.5","matchCriteriaId":"DC5F0CD4-88B3-4D0C-B05C-59FFE23A9A39"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/108084","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/108084","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}