Report incident

Security Alerts

Vulnerability Alert - Cisco Industrial Network Director

type Vulnerabilities
Systems AffectedCisco Industrial Network Director version less than 1.6.0
System Other

Description

The vulnerability is due to improper access restrictions on the web-based management interface.

impact

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

Resolution

Upgrade Cisco Industrial Network Director to a version of 1.6.0 or greater.

References

[1] - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind