How severe is CVE-2019-1688?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2019-1688?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2019-1688 - HIGH Severity | CVSS 7.7

Vulnerability Description

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1).

Related Vulnerabilities

CVE-2023-39421

HIGH

CVSS:7.7(High)

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted intera...

CWE-7982023

CVE-2023-6409

HIGH

CVSS:7.7(High)

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Ex...

CWE-7982023

CVE-2025-48413

HIGH

CVSS:7.7(High)

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or ...

CWE-7982025

CVE-2006-7142

HIGH

CVSS:7.8(High)

The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from ...

CWE-7982006

CVE-2010-2772

HIGH

CVSS:7.8(High)

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stu...

CWE-7982010

CVE-2016-2948

HIGH

CVSS:7.8(High)

IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.

CWE-7982016