How severe is CVE-2019-1586?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2019-1586?

This is classified as CWE-320, which is a common weakness in software security.

CVE-2019-1586 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.

Related Vulnerabilities

CVE-2018-7534

MEDIUM

CVSS:4.7(Medium)

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.

CWE-3202018

CVE-2016-2217

MEDIUM

CVSS:5.3(Medium)

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CWE-3202016

CVE-2018-7559

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in ...

CWE-3202018

CVE-2019-9150

MEDIUM

CVSS:5.3(Medium)

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key wa...

CWE-3202019

CVE-2016-1000346

LOW

CVSS:3.7(Low)

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other par...

CWE-3202016

CVE-2024-10920

LOW

CVSS:3.7(Low)

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\m...

CWE-3202024