Details of VAR-201902-0449

ID

VAR-201902-0449

CVE

CVE-2019-1681

TITLE

Cisco IOS XR Software path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001932

DESCRIPTION

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled. Cisco IOS XR The software contains a path traversal vulnerability.Information may be obtained. This issue is tracked by Cisco Bug ID CSCvk32415

Trust: 2.07

sources: NVD: CVE-2019-1681 // JVNDB: JVNDB-2019-001932 // BID: 107107 // VULHUB: VHN-148993 // VULMON: CVE-2019-1681

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	lt	version:	6.5.2	Trust: 1.8
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.1	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	cisco	model:	network convergence system series 6.5.2.9i.base	scope:	ne	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	network convergence system series 6.5.2.10i.base	scope:	ne	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	network convergence system series 7.0.1.19i.base	scope:	ne	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.1.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.50	Trust: 0.3
vendor:	cisco	model:	network convergence system series 6.6.11.12i.base	scope:	ne	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.0	Trust: 0.3
vendor:	cisco	model:	network convergence system series 6.5.1.base	scope:	eq	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.4.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.3.5	Trust: 0.3
vendor:	cisco	model:	network convergence system series 6.6.1.19i.base	scope:	ne	version:	1000	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.6	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.9.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.11	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	ne	version:	6.5.2	Trust: 0.3

sources: BID: 107107 // JVNDB: JVNDB-2019-001932 // NVD: CVE-2019-1681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1681
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1681
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1681
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-799
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148993
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-1681
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1681
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-148993
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1681
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1681
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-148993 // VULMON: CVE-2019-1681 // JVNDB: JVNDB-2019-001932 // CNNVD: CNNVD-201902-799 // NVD: CVE-2019-1681 // NVD: CVE-2019-1681

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.9
problemtype:	CWE-200	Trust: 1.0

sources: VULHUB: VHN-148993 // JVNDB: JVNDB-2019-001932 // NVD: CVE-2019-1681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-799

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-799

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001932

PATCH

title:	cisco-sa-20190220-ncs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ncs	Trust: 0.8
title:	Cisco Network Convergence System 1000 Series IOS XR Software Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89593	Trust: 0.6
title:	Cisco: Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190220-ncs	Trust: 0.1

sources: VULMON: CVE-2019-1681 // JVNDB: JVNDB-2019-001932 // CNNVD: CNNVD-201902-799

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1681	Trust: 2.9
db:	BID	id:	107107	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-001932	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-799	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0535	Trust: 0.6
db:	NSFOCUS	id:	42790	Trust: 0.6
db:	VULHUB	id:	VHN-148993	Trust: 0.1
db:	VULMON	id:	CVE-2019-1681	Trust: 0.1

sources: VULHUB: VHN-148993 // VULMON: CVE-2019-1681 // BID: 107107 // JVNDB: JVNDB-2019-001932 // CNNVD: CNNVD-201902-799 // NVD: CVE-2019-1681

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ncs	Trust: 2.2
url:	http://www.securityfocus.com/bid/107107	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1681	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1681	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42790	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75886	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-148993 // VULMON: CVE-2019-1681 // BID: 107107 // JVNDB: JVNDB-2019-001932 // CNNVD: CNNVD-201902-799 // NVD: CVE-2019-1681

CREDITS

This vulnerability was found during internal security testing.,Cisco,vendor ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201902-799

SOURCES

db:	VULHUB	id:	VHN-148993
db:	VULMON	id:	CVE-2019-1681
db:	BID	id:	107107
db:	JVNDB	id:	JVNDB-2019-001932
db:	CNNVD	id:	CNNVD-201902-799
db:	NVD	id:	CVE-2019-1681

LAST UPDATE DATE

2024-11-23T22:33:59.030000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148993	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-1681	date:	2019-10-09T00:00:00
db:	BID	id:	107107	date:	2019-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-001932	date:	2019-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201902-799	date:	2019-02-28T00:00:00
db:	NVD	id:	CVE-2019-1681	date:	2024-11-21T04:37:05.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148993	date:	2019-02-21T00:00:00
db:	VULMON	id:	CVE-2019-1681	date:	2019-02-21T00:00:00
db:	BID	id:	107107	date:	2019-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-001932	date:	2019-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201902-799	date:	2019-02-21T00:00:00
db:	NVD	id:	CVE-2019-1681	date:	2019-02-21T20:29:00.290