ID

VAR-201903-0569


CVE

CVE-2019-1758


TITLE

Cisco IOS Software authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003040

DESCRIPTION

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network. Cisco IOS There is an authentication vulnerability in the software.Information may be tampered with. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvk25074. Cisco Catalyst 6500 Series Switches is a 6500 series modular chassis switch of Cisco (Cisco). Cisco IOS is one of the operating systems developed for its network equipment

Trust: 1.98

sources: NVD: CVE-2019-1758 // JVNDB: JVNDB-2019-003040 // BID: 107616 // VULHUB: VHN-149840

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svm3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(60\)ez12

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)ja1n

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(4\)jn1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jf35

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)ji2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)sp3b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svp2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy13

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(1\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(0\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)sy3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svo1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svg3d

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svn2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svi1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svk4c

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy8

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)sy4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svo2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(4a\)ea5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy9

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svk4b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy10

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sg8a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy12

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svp1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(1\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)sy

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(4\)m12c

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(3\)ea1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(1\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy6

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(1\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(1\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)sy1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.4\(1\)sy3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.5\(1\)sy2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(33\)sxj7

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sy11

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:catalyst series switchesscope:eqversion:65000

Trust: 0.3

sources: BID: 107616 // JVNDB: JVNDB-2019-003040 // NVD: CVE-2019-1758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1758
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1758
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1758
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-1064
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149840
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1758
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149840
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1758
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1758
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-149840 // JVNDB: JVNDB-2019-003040 // CNNVD: CNNVD-201903-1064 // NVD: CVE-2019-1758 // NVD: CVE-2019-1758

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-149840 // JVNDB: JVNDB-2019-003040 // NVD: CVE-2019-1758

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-1064

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-1064

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003040

PATCH

title:cisco-sa-20190327-c6500url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500

Trust: 0.8

title:Cisco Catalyst 6500 Series Switches Cisco IOS Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90482

Trust: 0.6

sources: JVNDB: JVNDB-2019-003040 // CNNVD: CNNVD-201903-1064

EXTERNAL IDS

db:NVDid:CVE-2019-1758

Trust: 2.8

db:BIDid:107616

Trust: 2.0

db:JVNDBid:JVNDB-2019-003040

Trust: 0.8

db:CNNVDid:CNNVD-201903-1064

Trust: 0.7

db:CNVDid:CNVD-2020-34304

Trust: 0.1

db:VULHUBid:VHN-149840

Trust: 0.1

sources: VULHUB: VHN-149840 // BID: 107616 // JVNDB: JVNDB-2019-003040 // CNNVD: CNNVD-201903-1064 // NVD: CVE-2019-1758

REFERENCES

url:http://www.securityfocus.com/bid/107616

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-c6500

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1758

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1758

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

sources: VULHUB: VHN-149840 // BID: 107616 // JVNDB: JVNDB-2019-003040 // CNNVD: CNNVD-201903-1064 // NVD: CVE-2019-1758

CREDITS

Cisco

Trust: 0.9

sources: BID: 107616 // CNNVD: CNNVD-201903-1064

SOURCES

db:VULHUBid:VHN-149840
db:BIDid:107616
db:JVNDBid:JVNDB-2019-003040
db:CNNVDid:CNNVD-201903-1064
db:NVDid:CVE-2019-1758

LAST UPDATE DATE

2024-11-23T22:12:08.555000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149840date:2019-10-09T00:00:00
db:BIDid:107616date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-003040date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1064date:2019-10-10T00:00:00
db:NVDid:CVE-2019-1758date:2024-11-21T04:37:18.167

SOURCES RELEASE DATE

db:VULHUBid:VHN-149840date:2019-03-28T00:00:00
db:BIDid:107616date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-003040date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1064date:2019-03-27T00:00:00
db:NVDid:CVE-2019-1758date:2019-03-28T01:29:00.453