ID

VAR-201903-0593


CVE

CVE-2019-1742


TITLE

Cisco IOS XE Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003033

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. This issue is being tracked by Cisco Bug ID CSCvi36797.

Trust: 1.98

sources: NVD: CVE-2019-1742 // JVNDB: JVNDB-2019-003033 // BID: 107600 // VULHUB: VHN-149664

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.2.0ja

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.7.1

sources: BID: 107600 // JVNDB: JVNDB-2019-003033 // NVD: CVE-2019-1742

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-1742
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1742
value: HIGH

Trust: 1.0

NVD: CVE-2019-1742
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-1116
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149664
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-1742
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149664
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-1742
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1742
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1742
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149664 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742 // NVD: CVE-2019-1742

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-149664 // JVNDB: JVNDB-2019-003033 // NVD: CVE-2019-1742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1116

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201903-1116

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003033

PATCH

title: cisco-sa-20190327-xeid, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid

Trust: 0.8

title: Cisco IOS XE Fixes for configuration error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90530

Trust: 0.6

sources: JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116

EXTERNAL IDS

db: NVD, id: CVE-2019-1742

Trust: 2.8

db: BID, id: 107600

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003033

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1116

Trust: 0.7

db: NSFOCUS, id: 43066

Trust: 0.6

db: VULHUB, id: VHN-149664

Trust: 0.1

sources: VULHUB: VHN-149664 // BID: 107600 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-xeid

Trust: 2.6

url:http://www.securityfocus.com/bid/107600

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1742

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1742

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43066

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149664 // BID: 107600 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742

CREDITS

Cisco

Trust: 0.9

sources: BID: 107600 // CNNVD: CNNVD-201903-1116

SOURCES

db: VULHUB, id: VHN-149664
db: BID, id: 107600
db: JVNDB, id: JVNDB-2019-003033
db: CNNVD, id: CNNVD-201903-1116
db: NVD, id: CVE-2019-1742

LAST UPDATE DATE

2024-08-14T13:26:50.370000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149664, date: 2020-10-08T00:00:00
db: BID, id: 107600, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003033, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1116, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1742, date: 2020-10-08T20:36:02.917

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149664, date: 2019-03-28T00:00:00
db: BID, id: 107600, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003033, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1116, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1742, date: 2019-03-28T00:29:00.450