CVE-2019-1976

Name of the Vulnerable Software and Affected Versions Cisco Industrial Network Director (IND) (affected versions not specified)

Description A vulnerability in the "plug-and-play" services component of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The issue is due to improper access restrictions on the web-based management interface. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially allowing access to running configuration information about devices managed by the IND, including administrative credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.