ID
VAR-201903-0594
CVE
CVE-2019-1743
TITLE
Cisco IOS XE Software input validation vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2019-003034
DESCRIPTION
A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. Cisco IOS XE The software contains input validation vulnerabilities and unsafe uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOS XE Software is prone to an arbitrary file-upload vulnerability. This issue is being tracked by Cisco Bug ID CSCvi48984
Trust: 1.98
sources:
NVD: CVE-2019-1743 //
JVNDB: JVNDB-2019-003034 //
BID: 107591 //
VULHUB: VHN-149675
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.1 | Trust: 1.3 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.5 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.2.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.4 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.5b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.6 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.6.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.5.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.7.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1d | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1e | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.8.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.4.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.3.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.2.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ios xe software | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.9.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.8.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.7.1 | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.9(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.6(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.5(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.4(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.3(1) | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 16.2.1 | Trust: 0.3 |
sources:
BID: 107591 //
JVNDB: JVNDB-2019-003034 //
NVD: CVE-2019-1743
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-149675 //
JVNDB: JVNDB-2019-003034 //
CNNVD: CNNVD-201903-1081 //
NVD: CVE-2019-1743 //
NVD: CVE-2019-1743
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
| problemtype: | CWE-434 | Trust: 0.9 |
sources:
VULHUB: VHN-149675 //
JVNDB: JVNDB-2019-003034 //
NVD: CVE-2019-1743
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201903-1081
TYPE
Input Validation Error
Trust: 0.9
sources:
BID: 107591 //
CNNVD: CNNVD-201903-1081
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-003034
PATCH
| title: | cisco-sa-20190327-afu | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu | Trust: 0.8 |
| title: | Cisco IOS XE Enter the fix for the verification vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90498 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2019-003034 //
CNNVD: CNNVD-201903-1081
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-1743 | Trust: 2.8 |
| db: | BID | id: | 107591 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2019-003034 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-1081 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-149675 | Trust: 0.1 |
sources:
VULHUB: VHN-149675 //
BID: 107591 //
JVNDB: JVNDB-2019-003034 //
CNNVD: CNNVD-201903-1081 //
NVD: CVE-2019-1743
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-afu | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/107591 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-1743 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1743 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
VULHUB: VHN-149675 //
BID: 107591 //
JVNDB: JVNDB-2019-003034 //
CNNVD: CNNVD-201903-1081 //
NVD: CVE-2019-1743
CREDITS
Cisco
Trust: 0.9
sources:
BID: 107591 //
CNNVD: CNNVD-201903-1081
SOURCES
| db: | VULHUB | id: | VHN-149675 |
| db: | BID | id: | 107591 |
| db: | JVNDB | id: | JVNDB-2019-003034 |
| db: | CNNVD | id: | CNNVD-201903-1081 |
| db: | NVD | id: | CVE-2019-1743 |
LAST UPDATE DATE
2024-08-14T15:02:24.333000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-149675 | date: | 2020-10-09T00:00:00 |
| db: | BID | id: | 107591 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003034 | date: | 2019-05-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1081 | date: | 2019-04-03T00:00:00 |
| db: | NVD | id: | CVE-2019-1743 | date: | 2020-10-09T13:54:43.477 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-149675 | date: | 2019-03-28T00:00:00 |
| db: | BID | id: | 107591 | date: | 2019-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003034 | date: | 2019-05-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-1081 | date: | 2019-03-27T00:00:00 |
| db: | NVD | id: | CVE-2019-1743 | date: | 2019-03-28T00:29:00.483 |