Sign-up

ID

VAR-201905-0597


CVE

CVE-2019-1862


TITLE

Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input

Trust: 0.8

sources: CERT/CC: VU#400865

DESCRIPTION

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise. Cisco's Trust Anchor module (TAm) can be bypassed through manipulating the bitstream of the Field Programmable Gate Array (FPGA). This component handles access control to a hardware component within Cisco's Secure Boot implementations, which affects multiple products that support this functionality. An authenticated, local attacker could bypass the Secure Boot and make persistent changes to the root trust for software integrity. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOS XE Software is prone to a remote command-injection vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.7

sources: NVD: CVE-2019-1862 // CERT/CC: VU#400865 // JVNDB: JVNDB-2019-003443 // BID: 108331 // VULHUB: VHN-150984

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.3.7

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe software denaliscope:eqversion:16.3.7

Trust: 0.3

sources: CERT/CC: VU#400865 // BID: 108331 // JVNDB: JVNDB-2019-003443 // NVD: CVE-2019-1862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1862
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1862
value: HIGH

Trust: 1.0

NVD: CVE-2019-1862
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-342
value: HIGH

Trust: 0.6

VULHUB: VHN-150984
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1862
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150984
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1862
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150984 // JVNDB: JVNDB-2019-003443 // CNNVD: CNNVD-201905-342 // NVD: CVE-2019-1862 // NVD: CVE-2019-1862

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150984 // JVNDB: JVNDB-2019-003443 // NVD: CVE-2019-1862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-342

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108331 // CNNVD: CNNVD-201905-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003443

PATCH
title:cisco-sa-20190513-webuiurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui
Trust: 0.8
title:Cisco IOS XE Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92501
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003443 // 
            
            
            
            CNNVD: CNNVD-201905-342

EXTERNAL IDS
db:CERT/CCid:VU#400865
Trust: 3.6
db:NVDid:CVE-2019-1862
Trust: 2.8
db:BIDid:108331
Trust: 2.0
db:JVNid:JVNVU97735735
Trust: 0.8
db:JVNDBid:JVNDB-2019-003443
Trust: 0.8
db:CNNVDid:CNNVD-201905-342
Trust: 0.7
db:AUSCERTid:ESB-2019.1687
Trust: 0.6
db:VULHUBid:VHN-150984
Trust: 0.1
sources:
            
            
            CERT/CC: VU#400865 // 
            
            
            
            VULHUB: VHN-150984 // 
            
            
            
            BID: 108331 // 
            
            
            
            JVNDB: JVNDB-2019-003443 // 
            
            
            
            CNNVD: CNNVD-201905-342 // 
            
            
            
            NVD: CVE-2019-1862

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190513-webui
Trust: 2.8
url:http://www.securityfocus.com/bid/108331
Trust: 2.3
url:https://www.kb.cert.org/vuls/id/400865/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1862
Trust: 1.4
url:https://www.kb.cert.org/vuls/id/400865
Trust: 1.1
url:http://www.cisco.com/
Trust: 0.9
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190513-secureboot
Trust: 0.8
url:https://thrangrycat.com/
Trust: 0.8
url:https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
Trust: 0.8
url:https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1862
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97735735/
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-ios-xe-shell-command-execution-via-web-ui-29280
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80794
Trust: 0.6
sources:
            
            
            CERT/CC: VU#400865 // 
            
            
            
            VULHUB: VHN-150984 // 
            
            
            
            BID: 108331 // 
            
            
            
            JVNDB: JVNDB-2019-003443 // 
            
            
            
            CNNVD: CNNVD-201905-342 // 
            
            
            
            NVD: CVE-2019-1862

CREDITS
Mr. James Chambers (Security Researcher) of Red Balloon Security,Mr. James Chambers of Red Balloon Security.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-342

SOURCES
db:CERT/CCid:VU#400865
db:VULHUBid:VHN-150984
db:BIDid:108331
db:JVNDBid:JVNDB-2019-003443
db:CNNVDid:CNNVD-201905-342
db:NVDid:CVE-2019-1862

LAST UPDATE DATE
2024-08-14T15:28:36.951000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#400865date:2019-05-16T00:00:00
db:VULHUBid:VHN-150984date:2019-05-15T00:00:00
db:BIDid:108331date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2019-003443date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201905-342date:2019-05-16T00:00:00
db:NVDid:CVE-2019-1862date:2019-05-15T15:09:00.257

SOURCES RELEASE DATE
db:CERT/CCid:VU#400865date:2019-05-14T00:00:00
db:VULHUBid:VHN-150984date:2019-05-13T00:00:00
db:BIDid:108331date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2019-003443date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201905-342date:2019-05-13T00:00:00
db:NVDid:CVE-2019-1862date:2019-05-13T20:29:03.007