How severe is CVE-2019-1851?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2019-1851?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-1851

MEDIUM Year: 2019

CVSS v3 Score

6.8

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-285

View all →

Vulnerability Description

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication.

CVE-2020-9081

MEDIUM

CVSS:6.8(Medium)

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could al...

CWE-2852020

CVE-2025-2600

MEDIUM

CVSS:6.8(Medium)

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the ...

CWE-2852025

CVE-2019-12671

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS)...

CWE-2852019

CVE-2022-34434

MEDIUM

CVSS:6.7(Medium)

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or c...

CWE-2852022

CVE-2023-28385

MEDIUM

CVSS:6.7(Medium)

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

CWE-2852023

CVE-2023-32662

MEDIUM

CVSS:6.7(Medium)

Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access.

CWE-2852023

CVE-2019-1851

Vulnerability Description

Related Vulnerabilities

CVE-2020-9081

CVE-2025-2600

CVE-2019-12671

CVE-2022-34434

CVE-2023-28385

CVE-2023-32662