ID

VAR-201903-0601


CVE

CVE-2019-1745


TITLE

OS command injection vulnerability in Cisco IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2019-003035

DESCRIPTION

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected commands. An exploit could allow the attacker to gain root privileges on the affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvj61307. Cisco IOS XE is an operating system developed by Cisco for its network equipment.

Trust: 2.07

sources: NVD: CVE-2019-1745 // JVNDB: JVNDB-2019-003035 // BID: 107588 // VULHUB: VHN-149697 // VULMON: CVE-2019-1745

AFFECTED PRODUCTS

vendor: cisco | model: ios xe | scope: eq | version: 16.3.5 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.4.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.7s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.5bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.4a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.11.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.11.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.8as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1b | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1b | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1csp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.17.1as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4es | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.5s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.7as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.2as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.1.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.2sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.14.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.5s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.2.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.8s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.6as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1c | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.5sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.5.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.5.1a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.2ts | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.0as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.4.3 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.2a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.3sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.3as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.14.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.17.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.5.1b | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.0as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.1cs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.6s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.3 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.4 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.11.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1bsp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.7.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.14.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.0as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.10s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1gsp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.4sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.9s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1asp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4gs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.7as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.2as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.1.3 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.1a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.2asp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1isp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.7.1b | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.7s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.6.10e | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.17.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.2as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.17.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.5as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.5.3 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.5.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1e | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1c | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.1as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.9s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.10s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.3asp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.6bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.7.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.7.1a | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.7s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.2bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.6s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.5b | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.6 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.0bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.3 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.0as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.1.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.4.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4cs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.17.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.1hsp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.3bsp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.11.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.4 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.4s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.7 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.5as | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.14.2s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.0cs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.14.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.5s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.6.2 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.3.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.7bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.8s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.11.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.8s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.18.0sp | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.9.1d | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.13.6bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4bs | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.12.3s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.8.1d | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.10.6s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.16.4ds | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 3.15.0s | Trust: 1.0
vendor: cisco | model: ios xe | scope: eq | version: 16.2.1 | Trust: 1.0
vendor: cisco | model: ios xe | scope: - | version: - | Trust: 0.8
vendor: cisco | model: ios xe software | scope: eq | version: 0 | Trust: 0.3
vendor: cisco | model: ios | scope: eq | version: 16.9.1 | Trust: 0.3
vendor: cisco | model: ios | scope: eq | version: 16.8.2 | Trust: 0.3
vendor: cisco | model: ios | scope: eq | version: 16.7.1 | Trust: 0.3

sources: BID: 107588 // JVNDB: JVNDB-2019-003035 // NVD: CVE-2019-1745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1745
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1745
value: HIGH

Trust: 1.0

NVD: CVE-2019-1745
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-1119
value: HIGH

Trust: 0.6

VULHUB: VHN-149697
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1745
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1745
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-149697
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1745
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1745
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149697 // VULMON: CVE-2019-1745 // JVNDB: JVNDB-2019-003035 // CNNVD: CNNVD-201903-1119 // NVD: CVE-2019-1745 // NVD: CVE-2019-1745

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-149697 // JVNDB: JVNDB-2019-003035 // NVD: CVE-2019-1745

THREAT TYPE

local

Trust: 0.9

sources: BID: 107588 // CNNVD: CNNVD-201903-1119

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-1119

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003035

PATCH

title: cisco-sa-20190327-xecmd | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-xecmd

Trust: 0.8

title: Cisco IOS XE Fixes for operating system command injection vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90533

Trust: 0.6

title: Cisco: Cisco IOS XE Software Command Injection Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190327-xecmd

Trust: 0.1

title: Threatpost | url: https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

sources: VULMON: CVE-2019-1745 // JVNDB: JVNDB-2019-003035 // CNNVD: CNNVD-201903-1119

EXTERNAL IDS

db: NVD | id: CVE-2019-1745

Trust: 2.9

db: BID | id: 107588

Trust: 2.1

db: JVNDB | id: JVNDB-2019-003035

Trust: 0.8

db: CNNVD | id: CNNVD-201903-1119

Trust: 0.7

db: NSFOCUS | id: 43064

Trust: 0.6

db: VULHUB | id: VHN-149697

Trust: 0.1

db: VULMON | id: CVE-2019-1745

Trust: 0.1

sources: VULHUB: VHN-149697 // VULMON: CVE-2019-1745 // BID: 107588 // JVNDB: JVNDB-2019-003035 // CNNVD: CNNVD-201903-1119 // NVD: CVE-2019-1745

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190327-xecmd

Trust: 2.8

url:http://www.securityfocus.com/bid/107588

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1745

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1745

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43064

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-28888

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

sources: VULHUB: VHN-149697 // VULMON: CVE-2019-1745 // BID: 107588 // JVNDB: JVNDB-2019-003035 // CNNVD: CNNVD-201903-1119 // NVD: CVE-2019-1745

CREDITS

Cisco, vendor

Trust: 0.6

sources: CNNVD: CNNVD-201903-1119

SOURCES

db: VULHUB | id: VHN-149697
db: VULMON | id: CVE-2019-1745
db: BID | id: 107588
db: JVNDB | id: JVNDB-2019-003035
db: CNNVD | id: CNNVD-201903-1119
db: NVD | id: CVE-2019-1745

LAST UPDATE DATE

2024-08-14T15:28:39.417000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-149697 | date: 2021-07-13T00:00:00
db: VULMON | id: CVE-2019-1745 | date: 2021-07-13T00:00:00
db: BID | id: 107588 | date: 2019-03-27T00:00:00
db: JVNDB | id: JVNDB-2019-003035 | date: 2019-05-07T00:00:00
db: CNNVD | id: CNNVD-201903-1119 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2019-1745 | date: 2021-07-13T18:34:58.287

SOURCES RELEASE DATE

db: VULHUB | id: VHN-149697 | date: 2019-03-28T00:00:00
db: VULMON | id: CVE-2019-1745 | date: 2019-03-28T00:00:00
db: BID | id: 107588 | date: 2019-03-27T00:00:00
db: JVNDB | id: JVNDB-2019-003035 | date: 2019-05-07T00:00:00
db: CNNVD | id: CNNVD-201903-1119 | date: 2019-03-27T00:00:00
db: NVD | id: CVE-2019-1745 | date: 2019-03-28T00:29:00.530