Details of VAR-201903-0564

ID

VAR-201903-0564

CVE

CVE-2019-1753

TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002973

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvi42203

Trust: 1.98

sources: NVD: CVE-2019-1753 // JVNDB: JVNDB-2019-002973 // BID: 107602 // VULHUB: VHN-149785

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.10e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0ja	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	16.7.1	Trust: 0.3

sources: BID: 107602 // JVNDB: JVNDB-2019-002973 // NVD: CVE-2019-1753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1753
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1753
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1753
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-1096
value:	HIGH
Trust: 0.6
VULHUB:	VHN-149785
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1753
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149785
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1753
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-149785 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753 // NVD: CVE-2019-1753

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-149785 // JVNDB: JVNDB-2019-002973 // NVD: CVE-2019-1753

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1096

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107602 // CNNVD: CNNVD-201903-1096

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002973

PATCH

title:	cisco-sa-20190327-iosxe-pe	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-pe	Trust: 0.8
title:	Cisco IOS XE Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90511	Trust: 0.6

sources: JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1753	Trust: 2.8
db:	BID	id:	107602	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002973	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1096	Trust: 0.7
db:	VULHUB	id:	VHN-149785	Trust: 0.1

sources: VULHUB: VHN-149785 // BID: 107602 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-iosxe-pe	Trust: 2.6
url:	http://www.securityfocus.com/bid/107602	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1753	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1753	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-149785 // BID: 107602 // JVNDB: JVNDB-2019-002973 // CNNVD: CNNVD-201903-1096 // NVD: CVE-2019-1753

CREDITS

Cisco

Trust: 0.9

sources: BID: 107602 // CNNVD: CNNVD-201903-1096

SOURCES

db:	VULHUB	id:	VHN-149785
db:	BID	id:	107602
db:	JVNDB	id:	JVNDB-2019-002973
db:	CNNVD	id:	CNNVD-201903-1096
db:	NVD	id:	CVE-2019-1753

LAST UPDATE DATE

2024-08-14T15:38:59.819000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149785	date:	2019-10-09T00:00:00
db:	BID	id:	107602	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-002973	date:	2019-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201903-1096	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1753	date:	2019-10-09T23:47:58.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149785	date:	2019-03-28T00:00:00
db:	BID	id:	107602	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-002973	date:	2019-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201903-1096	date:	2019-03-27T00:00:00
db:	NVD	id:	CVE-2019-1753	date:	2019-03-28T00:29:00.840