CVE-2019-16004

Name of the Vulnerable Software and Affected Versions Cisco Vision Dynamic Signage Director (affected versions not specified)

Description A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The issue is due to missing authentication on some API calls, allowing an attacker to exploit this by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the REST API endpoint to minimize the risk of exploitation. Avoid using the affected API calls until the issue is resolved.