ID

VAR-201903-0574


CVE

CVE-2019-1762


TITLE

Cisco IOS and IOS XE Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-003044

DESCRIPTION

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCvg97571 and CSCvi66418

Trust: 1.98

sources: NVD: CVE-2019-1762 // JVNDB: JVNDB-2019-003044 // BID: 107594 // VULHUB: VHN-149884

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svm3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)ja1n

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jn1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(4\)jn1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(6\)i1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jf35

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)ji2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(2\)sp3b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3.1\)m

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svo1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svg3d

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svn2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1d

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svi1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svo2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(4a\)ea5

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sg8a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svp1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.7\(3\)m0a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(4\)m12c

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(3\)ea1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jn2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.6\(3\)m4

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:16.9.1

Trust: 0.3

vendor:ciscomodel:ios 15.6 mscope: - version: -

Trust: 0.3

sources: BID: 107594 // JVNDB: JVNDB-2019-003044 // NVD: CVE-2019-1762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1762
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1762
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1762
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-1068
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149884
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1762
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149884
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1762
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-149884 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762 // NVD: CVE-2019-1762

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-149884 // JVNDB: JVNDB-2019-003044 // NVD: CVE-2019-1762

THREAT TYPE

local

Trust: 0.9

sources: BID: 107594 // CNNVD: CNNVD-201903-1068

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-1068

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003044

PATCH

title:cisco-sa-20190327-infourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info

Trust: 0.8

title:Cisco IOS and IOS XE Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90486

Trust: 0.6

sources: JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068

EXTERNAL IDS

db:NVDid:CVE-2019-1762

Trust: 2.8

db:BIDid:107594

Trust: 2.0

db:JVNDBid:JVNDB-2019-003044

Trust: 0.8

db:CNNVDid:CNNVD-201903-1068

Trust: 0.7

db:VULHUBid:VHN-149884

Trust: 0.1

sources: VULHUB: VHN-149884 // BID: 107594 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762

REFERENCES

url:http://www.securityfocus.com/bid/107594

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-info

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1762

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1762

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149884 // BID: 107594 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762

CREDITS

Cisco

Trust: 0.9

sources: BID: 107594 // CNNVD: CNNVD-201903-1068

SOURCES

db:VULHUBid:VHN-149884
db:BIDid:107594
db:JVNDBid:JVNDB-2019-003044
db:CNNVDid:CNNVD-201903-1068
db:NVDid:CVE-2019-1762

LAST UPDATE DATE

2024-11-23T22:48:25.600000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149884date:2019-10-09T00:00:00
db:BIDid:107594date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-003044date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1068date:2019-10-17T00:00:00
db:NVDid:CVE-2019-1762date:2024-11-21T04:37:19.220

SOURCES RELEASE DATE

db:VULHUBid:VHN-149884date:2019-03-28T00:00:00
db:BIDid:107594date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2019-003044date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1068date:2019-03-27T00:00:00
db:NVDid:CVE-2019-1762date:2019-03-28T01:29:00.610