How severe is CVE-2019-16029?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2019-16029?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2019-16029 - HIGH Severity | CVSS 8.2

Vulnerability Description

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.

Related Vulnerabilities

CVE-2012-1168

HIGH

CVSS:8.2(High)

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CWE-202012

CVE-2015-1000002

HIGH

CVSS:8.2(High)

Open Proxy in filedownload v1.4 wordpress plugin

CWE-202015

CVE-2016-1182

HIGH

CVSS:8.2(High)

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a ...

CWE-202016

CVE-2016-1441

HIGH

CVSS:8.2(High)

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...

CWE-202016

CVE-2017-1000368

HIGH

CVSS:8.2(High)

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CWE-202017

CVE-2017-3752

HIGH

CVSS:8.2(High)

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

CWE-202017