How severe is CVE-2019-1890?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-1890?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2019-1890

HIGH Year: 2019

CVSS v3 Score

7.4

High

CVSS v2 Score

3.3

Low

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

CVE-2014-0881

HIGH

CVSS:7.4(High)

The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of servi...

CWE-2842014

CVE-2014-8183

HIGH

CVSS:7.4(High)

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource ...

CWE-2842014

CVE-2016-0340

HIGH

CVSS:7.4(High)

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging...

CWE-2842016

CVE-2017-12191

HIGH

CVSS:7.4(High)

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be ap...

CWE-2842017

CVE-2020-36838

HIGH

CVSS:7.4(High)

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw m...

CWE-2842020

CVE-2021-0232

HIGH

CVSS:7.4(High)

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already register...

CWE-2842021

CVE-2019-1890

Vulnerability Description

Related Vulnerabilities

CVE-2014-0881

CVE-2014-8183

CVE-2016-0340

CVE-2017-12191

CVE-2020-36838

CVE-2021-0232