ID

VAR-201905-0597


CVE

CVE-2019-1862


TITLE

Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input

Trust: 0.8

sources: CERT/CC: VU#400865

DESCRIPTION

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise. Cisco's Trust Anchor module (TAm) can be bypassed through manipulating the bitstream of the Field Programmable Gate Array (FPGA). This component handles access control to a hardware component within Cisco's Secure Boot implementations, which affects multiple products that support this functionality. An authenticated, local attacker could bypass the Secure Boot and make persistent changes to the root trust for software integrity. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOS XE Software is prone to a remote command-injection vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.7

sources: NVD: CVE-2019-1862 // CERT/CC: VU#400865 // JVNDB: JVNDB-2019-003443 // BID: 108331 // VULHUB: VHN-150984

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.3.7

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe software denaliscope:eqversion:16.3.7

Trust: 0.3

sources: CERT/CC: VU#400865 // BID: 108331 // JVNDB: JVNDB-2019-003443 // NVD: CVE-2019-1862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1862
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1862
value: HIGH

Trust: 1.0

NVD: CVE-2019-1862
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-342
value: HIGH

Trust: 0.6

VULHUB: VHN-150984
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1862
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150984
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1862
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-150984 // JVNDB: JVNDB-2019-003443 // CNNVD: CNNVD-201905-342 // NVD: CVE-2019-1862 // NVD: CVE-2019-1862

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-150984 // JVNDB: JVNDB-2019-003443 // NVD: CVE-2019-1862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-342

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108331 // CNNVD: CNNVD-201905-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003443

PATCH

title:cisco-sa-20190513-webuiurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui

Trust: 0.8

title:Cisco IOS XE Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92501

Trust: 0.6

sources: JVNDB: JVNDB-2019-003443 // CNNVD: CNNVD-201905-342

EXTERNAL IDS

db:CERT/CCid:VU#400865

Trust: 3.6

db:NVDid:CVE-2019-1862

Trust: 2.8

db:BIDid:108331

Trust: 2.0

db:JVNid:JVNVU97735735

Trust: 0.8

db:JVNDBid:JVNDB-2019-003443

Trust: 0.8

db:CNNVDid:CNNVD-201905-342

Trust: 0.7

db:AUSCERTid:ESB-2019.1687

Trust: 0.6

db:VULHUBid:VHN-150984

Trust: 0.1

sources: CERT/CC: VU#400865 // VULHUB: VHN-150984 // BID: 108331 // JVNDB: JVNDB-2019-003443 // CNNVD: CNNVD-201905-342 // NVD: CVE-2019-1862

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190513-webui

Trust: 2.8

url:http://www.securityfocus.com/bid/108331

Trust: 2.3

url:https://www.kb.cert.org/vuls/id/400865/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1862

Trust: 1.4

url:https://www.kb.cert.org/vuls/id/400865

Trust: 1.1

url:http://www.cisco.com/

Trust: 0.9

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190513-secureboot

Trust: 0.8

url:https://thrangrycat.com/

Trust: 0.8

url:https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Trust: 0.8

url:https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1862

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97735735/

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-xe-shell-command-execution-via-web-ui-29280

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80794

Trust: 0.6

sources: CERT/CC: VU#400865 // VULHUB: VHN-150984 // BID: 108331 // JVNDB: JVNDB-2019-003443 // CNNVD: CNNVD-201905-342 // NVD: CVE-2019-1862

CREDITS

Mr. James Chambers (Security Researcher) of Red Balloon Security,Mr. James Chambers of Red Balloon Security.

Trust: 0.6

sources: CNNVD: CNNVD-201905-342

SOURCES

db:CERT/CCid:VU#400865
db:VULHUBid:VHN-150984
db:BIDid:108331
db:JVNDBid:JVNDB-2019-003443
db:CNNVDid:CNNVD-201905-342
db:NVDid:CVE-2019-1862

LAST UPDATE DATE

2024-08-14T15:28:36.951000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#400865date:2019-05-16T00:00:00
db:VULHUBid:VHN-150984date:2019-05-15T00:00:00
db:BIDid:108331date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2019-003443date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201905-342date:2019-05-16T00:00:00
db:NVDid:CVE-2019-1862date:2019-05-15T15:09:00.257

SOURCES RELEASE DATE

db:CERT/CCid:VU#400865date:2019-05-14T00:00:00
db:VULHUBid:VHN-150984date:2019-05-13T00:00:00
db:BIDid:108331date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2019-003443date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201905-342date:2019-05-13T00:00:00
db:NVDid:CVE-2019-1862date:2019-05-13T20:29:03.007