CVE-2019-1794 MEDIUM

CVE-2019-1794: Cisco Directory Connector Search Order Hijacking Vulnerability

Vendor Cisco
Product Cisco Directory Connector
Weakness CWE-427
Published April 18, 2019
Last update November 21, 2024

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

Key dates

02Disclosure timeline

April 18, 2019 CVE published
November 21, 2024 Record updated