ID

VAR-201903-0570


CVE

CVE-2019-1759


TITLE

Cisco IOS XE Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003041

DESCRIPTION

A vulnerability in the access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. Cisco IOS XE Software contains an access control vulnerability. Information may be obtained. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCvk47405 and CSCvm97704.

Trust: 2.07

sources: NVD: CVE-2019-1759 // JVNDB: JVNDB-2019-003041 // BID: 107660 // VULHUB: VHN-149851 // VULMON: CVE-2019-1759

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.4a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.0ja

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.7

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.4s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 16.1.1

Trust: 0.3

vendor: cisco, model: catalyst series switches, scope: eq, version: 920016.10.1

Trust: 0.3

vendor: cisco, model: 3g wireless wan, scope: eq, version: 0

Trust: 0.3

sources: BID: 107660 // JVNDB: JVNDB-2019-003041 // NVD: CVE-2019-1759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1759
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1759
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1759
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-1074
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149851
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1759
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1759
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-1759
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-149851
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1759
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1759
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1759
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149851 // VULMON: CVE-2019-1759 // JVNDB: JVNDB-2019-003041 // CNNVD: CNNVD-201903-1074 // NVD: CVE-2019-1759 // NVD: CVE-2019-1759

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-149851 // JVNDB: JVNDB-2019-003041 // NVD: CVE-2019-1759

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1074

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-1074

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003041

PATCH

title: cisco-sa-20190327-mgmtacl, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl

Trust: 0.8

title: Cisco IOS XE Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90491

Trust: 0.6

title: Cisco: Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-mgmtacl

Trust: 0.1

title: CVE-2019-1759-csrf-js-rce, url: https://github.com/r3m0t3nu11/CVE-2019-1759

Trust: 0.1

title: CVE-2019-1759-csrf-js-rce, url: https://github.com/r3m0t3nu11/CVE-2019-1759-csrf-js-rce

Trust: 0.1

title: PoC, url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2019-1759 // JVNDB: JVNDB-2019-003041 // CNNVD: CNNVD-201903-1074

EXTERNAL IDS

db: NVD, id: CVE-2019-1759

Trust: 2.9

db: BID, id: 107660

Trust: 2.1

db: JVNDB, id: JVNDB-2019-003041

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1074

Trust: 0.7

db: NSFOCUS, id: 43598

Trust: 0.6

db: VULHUB, id: VHN-149851

Trust: 0.1

db: VULMON, id: CVE-2019-1759

Trust: 0.1

sources: VULHUB: VHN-149851 // VULMON: CVE-2019-1759 // BID: 107660 // JVNDB: JVNDB-2019-003041 // CNNVD: CNNVD-201903-1074 // NVD: CVE-2019-1759

REFERENCES

url:http://www.securityfocus.com/bid/107660

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-mgmtacl

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1759

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1759

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43598

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://github.com/r3m0t3nu11/cve-2019-1759

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-149851 // VULMON: CVE-2019-1759 // BID: 107660 // JVNDB: JVNDB-2019-003041 // CNNVD: CNNVD-201903-1074 // NVD: CVE-2019-1759

CREDITS

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201903-1074

SOURCES

db: VULHUB, id: VHN-149851
db: VULMON, id: CVE-2019-1759
db: BID, id: 107660
db: JVNDB, id: JVNDB-2019-003041
db: CNNVD, id: CNNVD-201903-1074
db: NVD, id: CVE-2019-1759

LAST UPDATE DATE

2024-08-14T15:12:51.533000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149851, date: 2020-10-09T00:00:00
db: VULMON, id: CVE-2019-1759, date: 2020-10-09T00:00:00
db: BID, id: 107660, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003041, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1074, date: 2020-10-10T00:00:00
db: NVD, id: CVE-2019-1759, date: 2020-10-09T14:23:05.493

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149851, date: 2019-03-28T00:00:00
db: VULMON, id: CVE-2019-1759, date: 2019-03-28T00:00:00
db: BID, id: 107660, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003041, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1074, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1759, date: 2019-03-28T01:29:00.487