ID

VAR-201903-0562


CVE

CVE-2019-1755


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002959

DESCRIPTION

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device. Cisco IOS XE Software contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from the fact that the program does not properly filter the input submitted by the user.

Trust: 2.07

sources: NVD: CVE-2019-1755 // JVNDB: JVNDB-2019-002959 // BID: 107380 // VULHUB: VHN-149807 // VULMON: CVE-2019-1755

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.6.10e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.0ja

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.7

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.8

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.1.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.1.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.7.1

Trust: 0.3

vendor: cisco, model: ios fuji, scope: eq, version: 16.9.1

Trust: 0.3

vendor: cisco, model: ios fuji, scope: eq, version: 16.8.1

sources: BID: 107380 // JVNDB: JVNDB-2019-002959 // NVD: CVE-2019-1755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1755
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1755
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1755
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1090
value: HIGH

Trust: 0.6

VULHUB: VHN-149807
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1755
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1755
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149807
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1755
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1755
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149807 // VULMON: CVE-2019-1755 // JVNDB: JVNDB-2019-002959 // CNNVD: CNNVD-201903-1090 // NVD: CVE-2019-1755 // NVD: CVE-2019-1755

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-149807 // JVNDB: JVNDB-2019-002959 // NVD: CVE-2019-1755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1090

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107380 // CNNVD: CNNVD-201903-1090

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002959

PATCH

title: cisco-sa-20190327-iosxe-cmdinj
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj

Trust: 0.8

title: Cisco IOS XE input validation vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90505

Trust: 0.6

title: Cisco: Cisco IOS XE Software Command Injection Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-iosxe-cmdinj

Trust: 0.1

title: Threatpost
url: https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

sources: VULMON: CVE-2019-1755 // JVNDB: JVNDB-2019-002959 // CNNVD: CNNVD-201903-1090

EXTERNAL IDS

db: NVD, id: CVE-2019-1755

Trust: 2.9

db: BID, id: 107380

Trust: 2.1

db: JVNDB, id: JVNDB-2019-002959

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1090

Trust: 0.7

db: VULHUB, id: VHN-149807

Trust: 0.1

db: VULMON, id: CVE-2019-1755

Trust: 0.1

sources: VULHUB: VHN-149807 // VULMON: CVE-2019-1755 // BID: 107380 // JVNDB: JVNDB-2019-002959 // CNNVD: CNNVD-201903-1090 // NVD: CVE-2019-1755

REFERENCES

url:http://www.securityfocus.com/bid/107380

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-iosxe-cmdinj

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1755

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1755

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

sources: VULHUB: VHN-149807 // VULMON: CVE-2019-1755 // BID: 107380 // JVNDB: JVNDB-2019-002959 // CNNVD: CNNVD-201903-1090 // NVD: CVE-2019-1755

CREDITS

Cisco

Trust: 0.9

sources: BID: 107380 // CNNVD: CNNVD-201903-1090

SOURCES

db: VULHUB, id: VHN-149807
db: VULMON, id: CVE-2019-1755
db: BID, id: 107380
db: JVNDB, id: JVNDB-2019-002959
db: CNNVD, id: CNNVD-201903-1090
db: NVD, id: CVE-2019-1755

LAST UPDATE DATE

2024-08-14T15:07:43.817000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149807, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2019-1755, date: 2019-10-09T00:00:00
db: BID, id: 107380, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-002959, date: 2019-04-26T00:00:00
db: CNNVD, id: CNNVD-201903-1090, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-1755, date: 2019-10-09T23:47:59.033

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149807, date: 2019-03-28T00:00:00
db: VULMON, id: CVE-2019-1755, date: 2019-03-28T00:00:00
db: BID, id: 107380, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-002959, date: 2019-04-26T00:00:00
db: CNNVD, id: CNNVD-201903-1090, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1755, date: 2019-03-28T01:29:00.330