ID
VAR-201903-0561
CVE
CVE-2019-1754
TITLE
Cisco IOS XE Software input validation vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvi36813
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.9.1d | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1d | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.9.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.9.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.9.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.2.0ja | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.7.1 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
| problemtype: | CWE-269 | Trust: 1.1 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.9
CONFIGURATIONS
PATCH
| title: | cisco-sa-20190327-iosxe-privesc | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc | Trust: 0.8 |
| title: | Cisco IOS XE Enter the fix for the verification vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90512 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1754 | Trust: 2.8 |
| db: | BID | id: | 107590 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2019-002958 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-1097 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-149796 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/107590 | Trust: 2.3 |
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-iosxe-privesc | Trust: 2.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1754 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1754 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-149796 |
| db: | BID | id: | 107590 |
| db: | JVNDB | id: | JVNDB-2019-002958 |
| db: | CNNVD | id: | CNNVD-201903-1097 |
| db: | NVD | id: | CVE-2019-1754 |
LAST UPDATE DATE
2024-08-14T15:18:06.351000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-149796 | date: | 2020-10-08T00:00:00 |
| db: | BID | id: | 107590 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002958 | date: | 2019-04-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1097 | date: | 2020-10-09T00:00:00 |
| db: | NVD | id: | CVE-2019-1754 | date: | 2020-10-08T21:01:46.750 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-149796 | date: | 2019-03-28T00:00:00 |
| db: | BID | id: | 107590 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002958 | date: | 2019-04-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1097 | date: | 2019-03-27T00:00:00 |
| db: | NVD | id: | CVE-2019-1754 | date: | 2019-03-28T01:29:00.283 |