CVE-2019-19631
Description
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A read-only user can access an API endpoint exposing admin session cookies, leading to privilege escalation in Big Switch network monitoring products.
Vulnerability
An issue in Big Switch Big Monitoring Fabric, Big Cloud Fabric, and Multi-Cloud Director allows a read-only user to access an API endpoint that reveals session cookies of authenticated administrators [1]. Affected versions: Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; Multi-Cloud Director through 1.1.0.
Exploitation
An attacker with a read-only user account can access the vulnerable API endpoint to retrieve session cookies of authenticated administrators [1]. No additional authentication or user interaction is required beyond possessing a valid read-only account. The attacker can then use the stolen cookies to impersonate an administrator.
Impact
Successful exploitation allows the attacker to escalate privileges from read-only to administrative, gaining full control over the application and potentially SSH console access to the affected system [1].
Mitigation
Fixed versions are available: Big Monitoring Fabric 7.1.4, Big Cloud Fabric 5.1.4, and Multi-Cloud Director 1.1.0 [1]. Users should upgrade to these versions or later to remediate the vulnerability. No workarounds have been published.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Big Switch/Big Monitoring Fabric
- Range: 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3
- Range: 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4
Patches
No patches discovered yet.
References
- know.bishopfox.com/advisories (mitre, x_refsource_MISC)
- know.bishopfox.com/advisories/big-monitoring-fabric (mitre, x_refsource_MISC)