ID

VAR-201903-0594


CVE

CVE-2019-1743


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003034

DESCRIPTION

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. Cisco IOS XE Software contains an input validation vulnerability and a vulnerability involving unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco IOS XE Software is prone to an arbitrary file-upload vulnerability. This issue is being tracked by Cisco Bug ID CSCvi48984.

Trust: 1.98

sources: NVD: CVE-2019-1743 // JVNDB: JVNDB-2019-003034 // BID: 107591 // VULHUB: VHN-149675

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.6.1

Trust: 1.3

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.5b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.6.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.5.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.7.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.4.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.3.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.9.1

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.8.1

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.7.1

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.9(1)

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.6(1)

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.5(1)

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.4(1)

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.3(1)

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.2.1

Trust: 0.3

sources: BID: 107591 // JVNDB: JVNDB-2019-003034 // NVD: CVE-2019-1743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1743
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1743
value: HIGH

Trust: 1.0

NVD: CVE-2019-1743
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201903-1081
value: CRITICAL

Trust: 0.6

VULHUB: VHN-149675
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1743
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-1743
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-149675
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1743
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1743
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1743
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149675 // JVNDB: JVNDB-2019-003034 // CNNVD: CNNVD-201903-1081 // NVD: CVE-2019-1743 // NVD: CVE-2019-1743

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-434

Trust: 0.9

sources: VULHUB: VHN-149675 // JVNDB: JVNDB-2019-003034 // NVD: CVE-2019-1743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1081

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 107591 // CNNVD: CNNVD-201903-1081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003034

PATCH

title: cisco-sa-20190327-afu, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu

Trust: 0.8

title: Fix for Cisco IOS XE input validation vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90498

Trust: 0.6

sources: JVNDB: JVNDB-2019-003034 // CNNVD: CNNVD-201903-1081

EXTERNAL IDS

db: NVD, id: CVE-2019-1743

Trust: 2.8

db: BID, id: 107591

Trust: 2.0

db: JVNDB, id: JVNDB-2019-003034

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1081

Trust: 0.7

db: VULHUB, id: VHN-149675

Trust: 0.1

sources: VULHUB: VHN-149675 // BID: 107591 // JVNDB: JVNDB-2019-003034 // CNNVD: CNNVD-201903-1081 // NVD: CVE-2019-1743

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-afu

Trust: 2.0

url:http://www.securityfocus.com/bid/107591

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1743

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1743

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-149675 // BID: 107591 // JVNDB: JVNDB-2019-003034 // CNNVD: CNNVD-201903-1081 // NVD: CVE-2019-1743

CREDITS

Cisco

Trust: 0.9

sources: BID: 107591 // CNNVD: CNNVD-201903-1081

SOURCES

db: VULHUB, id: VHN-149675
db: BID, id: 107591
db: JVNDB, id: JVNDB-2019-003034
db: CNNVD, id: CNNVD-201903-1081
db: NVD, id: CVE-2019-1743

LAST UPDATE DATE

2024-08-14T15:02:24.333000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149675, date: 2020-10-09T00:00:00
db: BID, id: 107591, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003034, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1081, date: 2019-04-03T00:00:00
db: NVD, id: CVE-2019-1743, date: 2020-10-09T13:54:43.477

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149675, date: 2019-03-28T00:00:00
db: BID, id: 107591, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-003034, date: 2019-05-07T00:00:00
db: CNNVD, id: CNNVD-201903-1081, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2019-1743, date: 2019-03-28T00:29:00.483