ID

VAR-201903-0564


CVE

CVE-2019-1753


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002973

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Cisco IOS XE Software contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This issue is being tracked by Cisco Bug ID CSCvi42203.

Trust: 1.98

sources: NVD: CVE-2019-1753 // JVNDB: JVNDB-2019-002973 // BID: 107602 // VULHUB: VHN-149785

AFFECTED PRODUCTS

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1c

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.6.1

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.7.1b

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 3.6.10e

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.6.2

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.7.1a

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.7.1

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1a

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1d

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1e

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 3.2.0ja

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1b

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.6.3

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 16.8.1s

Trust: 1.0

vendor: cisco // model: ios xe // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ios xe software // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: ios // scope: eq // version: 16.7.1

Trust: 0.3

sources: BID: 107602 // JVNDB: JVNDB-2019-002973 // NVD: CVE-2019-1753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1753
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1753
value: HIGH

Trust: 1.0

NVD: CVE-2019-1753
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1096
value: HIGH

Trust: 0.6

VULHUB: VHN-149785
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1753
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149785
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1753
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-149785 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753 // NVD: CVE-2019-1753

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-149785 // JVNDB: JVNDB-2019-002973 // NVD: CVE-2019-1753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1096

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107602 // CNNVD: CNNVD-201903-1096

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002973

PATCH

title: cisco-sa-20190327-iosxe-pe // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe

Trust: 0.8

title: Cisco IOS XE input validation vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90511

Trust: 0.6

sources: JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096

EXTERNAL IDS

db: NVD // id: CVE-2019-1753

Trust: 2.8

db: BID // id: 107602

Trust: 2.0

db: JVNDB // id: JVNDB-2019-002973

Trust: 0.8

db: CNNVD // id: CNNVD-201903-1096

Trust: 0.7

db: VULHUB // id: VHN-149785

Trust: 0.1

sources: VULHUB: VHN-149785 // BID: 107602 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-iosxe-pe

Trust: 2.6

url:http://www.securityfocus.com/bid/107602

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1753

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1753

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149785 // BID: 107602 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753

CREDITS

Cisco

Trust: 0.9

sources: BID: 107602 // CNNVD: CNNVD-201903-1096

SOURCES

db: VULHUB // id: VHN-149785
db: BID // id: 107602
db: JVNDB // id: JVNDB-2019-002973
db: CNNVD // id: CNNVD-201903-1096
db: NVD // id: CVE-2019-1753

LAST UPDATE DATE

2024-08-14T15:38:59.819000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-149785 // date: 2019-10-09T00:00:00
db: BID // id: 107602 // date: 2019-03-27T00:00:00
db: JVNDB // id: JVNDB-2019-002973 // date: 2019-04-26T00:00:00
db: CNNVD // id: CNNVD-201903-1096 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2019-1753 // date: 2019-10-09T23:47:58.690

SOURCES RELEASE DATE

db: VULHUB // id: VHN-149785 // date: 2019-03-28T00:00:00
db: BID // id: 107602 // date: 2019-03-27T00:00:00
db: JVNDB // id: JVNDB-2019-002973 // date: 2019-04-26T00:00:00
db: CNNVD // id: CNNVD-201903-1096 // date: 2019-03-27T00:00:00
db: NVD // id: CVE-2019-1753 // date: 2019-03-28T00:29:00.840