Details of VAR-201903-0574

ID

VAR-201903-0574

CVE

CVE-2019-1762

TITLE

Cisco IOS and IOS XE Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-003044

DESCRIPTION

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCvg97571 and CSCvi66418

Trust: 1.98

sources: NVD: CVE-2019-1762 // JVNDB: JVNDB-2019-003044 // BID: 107594 // VULHUB: VHN-149884

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(6\)i1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jn2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svm3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svi1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3.1\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)m12c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4a\)ea5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)sp3b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svo2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svp1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)ja1n	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jf35	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svo1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(3\)ea1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jn1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svn2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svg3d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)ji2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(2\)sg8a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)jn1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	16.9.1	Trust: 0.3
vendor:	cisco	model:	ios 15.6 m	scope:	-	version:	-	Trust: 0.3

sources: BID: 107594 // JVNDB: JVNDB-2019-003044 // NVD: CVE-2019-1762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1762
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1762
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1762
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-1068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149884
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-1762
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149884
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1762
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-149884 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762 // NVD: CVE-2019-1762

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-149884 // JVNDB: JVNDB-2019-003044 // NVD: CVE-2019-1762

THREAT TYPE

local

Trust: 0.9

sources: BID: 107594 // CNNVD: CNNVD-201903-1068

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-1068

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003044

PATCH

title:	cisco-sa-20190327-info	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info	Trust: 0.8
title:	Cisco IOS and IOS XE Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90486	Trust: 0.6

sources: JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1762	Trust: 2.8
db:	BID	id:	107594	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003044	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1068	Trust: 0.7
db:	VULHUB	id:	VHN-149884	Trust: 0.1

sources: VULHUB: VHN-149884 // BID: 107594 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762

REFERENCES

url:	http://www.securityfocus.com/bid/107594	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-info	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1762	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1762	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-149884 // BID: 107594 // JVNDB: JVNDB-2019-003044 // CNNVD: CNNVD-201903-1068 // NVD: CVE-2019-1762

CREDITS

Cisco

Trust: 0.9

sources: BID: 107594 // CNNVD: CNNVD-201903-1068

SOURCES

db:	VULHUB	id:	VHN-149884
db:	BID	id:	107594
db:	JVNDB	id:	JVNDB-2019-003044
db:	CNNVD	id:	CNNVD-201903-1068
db:	NVD	id:	CVE-2019-1762

LAST UPDATE DATE

2024-08-14T15:23:12.557000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149884	date:	2019-10-09T00:00:00
db:	BID	id:	107594	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003044	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1068	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-1762	date:	2019-10-09T23:48:03.863

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149884	date:	2019-03-28T00:00:00
db:	BID	id:	107594	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003044	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1068	date:	2019-03-27T00:00:00
db:	NVD	id:	CVE-2019-1762	date:	2019-03-28T01:29:00.610