CVE-2019-1717

Name of the Vulnerable Software and Affected Versions Cisco Video Surveillance Manager (affected versions not specified)

Description The issue is related to improper validation of parameters handled by the web-based management interface, allowing an unauthenticated, remote attacker to access sensitive information. An attacker could exploit this by sending malicious requests to an affected component, potentially allowing the download of arbitrary files from the affected device, which could contain sensitive information. The vulnerability is also described as being due to incorrect restriction of the directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.