{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T21:21:28.947","vulnerabilities":[{"cve":{"id":"CVE-2019-1919","sourceIdentifier":"psirt@cisco.com","published":"2019-07-17T21:15:12.030","lastModified":"2024-11-21T04:37:41.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable."},{"lang":"es","value":"Una vulnerabilidad en las imágenes de la máquina virtual (VM) del Software FindIT Network Management de Cisco, podría permitir a un atacante local no autenticado, con acceso a la consola de la máquina virtual, iniciar sesión en el dispositivo con una cuenta estática que tenga privilegios de root. La vulnerabilidad es debido a la presencia de una cuenta con credenciales estáticas en el sistema operativo Linux subyacente. Un atacante podría explotar esta vulnerabilidad si inicia sesión en la línea de comandos de la máquina virtual afectada con la cuenta estática. Una explotación con éxito podría permitir al atacante iniciar sesión con privilegios de nivel root. Esta vulnerabilidad solo afecta a Cisco FindIT Network Manager y Cisco FindIT Network Probe versión 1.1.4 si estos productos utilizan imágenes de VM suministradas por Cisco. No se conoce otras versiones o modelos de implementación que sean vulnerables."}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:findit_network_manager:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"3B429D55-9FD4-4CC9-9868-697A3379EF6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:findit_network_probe:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"E41F0CFF-EA35-49AE-AAB8-3752D0CC72FC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/109305","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/109305","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}