Details of VAR-201903-0593

ID

VAR-201903-0593

CVE

CVE-2019-1742

TITLE

Cisco IOS XE Software access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003033

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information. This issue is being tracked by Cisco Bug ID CSCvi36797

Trust: 1.98

sources: NVD: CVE-2019-1742 // JVNDB: JVNDB-2019-003033 // BID: 107600 // VULHUB: VHN-149664

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0ja	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	16.7.1	Trust: 0.3

sources: BID: 107600 // JVNDB: JVNDB-2019-003033 // NVD: CVE-2019-1742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1742
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1742
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1742
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-1116
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149664
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1742
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149664
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1742
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1742
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1742
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-149664 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742 // NVD: CVE-2019-1742

PROBLEMTYPE DATA

problemtype:	CWE-16	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-149664 // JVNDB: JVNDB-2019-003033 // NVD: CVE-2019-1742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1116

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201903-1116

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003033

PATCH

title:	cisco-sa-20190327-xeid	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xeid	Trust: 0.8
title:	Cisco IOS XE Fixes for configuration error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90530	Trust: 0.6

sources: JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1742	Trust: 2.8
db:	BID	id:	107600	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-003033	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-1116	Trust: 0.7
db:	NSFOCUS	id:	43066	Trust: 0.6
db:	VULHUB	id:	VHN-149664	Trust: 0.1

sources: VULHUB: VHN-149664 // BID: 107600 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-xeid	Trust: 2.6
url:	http://www.securityfocus.com/bid/107600	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1742	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1742	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43066	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-149664 // BID: 107600 // JVNDB: JVNDB-2019-003033 // CNNVD: CNNVD-201903-1116 // NVD: CVE-2019-1742

CREDITS

Cisco

Trust: 0.9

sources: BID: 107600 // CNNVD: CNNVD-201903-1116

SOURCES

db:	VULHUB	id:	VHN-149664
db:	BID	id:	107600
db:	JVNDB	id:	JVNDB-2019-003033
db:	CNNVD	id:	CNNVD-201903-1116
db:	NVD	id:	CVE-2019-1742

LAST UPDATE DATE

2024-08-14T13:26:50.370000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149664	date:	2020-10-08T00:00:00
db:	BID	id:	107600	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003033	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1116	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1742	date:	2020-10-08T20:36:02.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149664	date:	2019-03-28T00:00:00
db:	BID	id:	107600	date:	2019-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-003033	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201903-1116	date:	2019-03-27T00:00:00
db:	NVD	id:	CVE-2019-1742	date:	2019-03-28T00:29:00.450