CVE-2019-16029 (CNNVD-202001-1122)
中文标题:
Cisco Smart Software Manager On-Prem 输入验证错误漏洞
英文标题:
Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability
漏洞描述
中文描述:
Cisco Smart Software Manager On-Prem是美国思科(Cisco)公司的一款用于Cisco产品许可证管理的组件。 Cisco Smart Software Manager On-Prem中的API存在输入验证错误漏洞。远程攻击者可借助特制的HTTP请求利用该漏洞更改或破坏用户帐户信息,导致拒绝服务。
英文描述:
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Smart Software Manager On-Prem | - | < n/a | - |
cpe:2.3:a:cisco:cisco_smart_software_manager_on-prem:*:*:*:*:*:*:*:*
|
| cisco | smart_software_manager_on-prem | * | - | - |
cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-16029 |
2025-11-11 15:20:04 | 2025-11-11 07:35:36 |
| NVD | nvd_CVE-2019-16029 |
2025-11-11 14:56:31 | 2025-11-11 07:44:08 |
| CNNVD | cnnvd_CNNVD-202001-1122 |
2025-11-11 15:10:21 | 2025-11-11 07:55:20 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 输入验证错误
- cnnvd_id: 未提取 -> CNNVD-202001-1122
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']