Details of VAR-201906-0681

ID

VAR-201906-0681

CVE

CVE-2019-1842

TITLE

Cisco IOS XR Authorization vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-005275

DESCRIPTION

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information. Cisco IOS XR There is an authorization vulnerability in the software.Information may be obtained and information may be altered. An attacker can exploit this issue to gain unauthorized access, perform unintended actions and cause denial-of-service conditions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvo03672. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1842 // JVNDB: JVNDB-2019-005275 // BID: 108687 // VULHUB: VHN-150764

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	6.4.2.tools	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.1.3.tools	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.2.3.tools	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.1.2.tools	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	network convergence system	scope:	eq	version:	55080	Trust: 0.3
vendor:	cisco	model:	ncs 8-slot chassis	scope:	eq	version:	6008-0	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	eq	version:	6.5	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	carrier routing system	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99220	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99120	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99100	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99060	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99040	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	99010	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90100	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90060	Trust: 0.3
vendor:	cisco	model:	asr router	scope:	eq	version:	90010	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	ne	version:	7.0	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	ne	version:	6.6.2	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	ne	version:	6.5.3	Trust: 0.3

sources: BID: 108687 // JVNDB: JVNDB-2019-005275 // NVD: CVE-2019-1842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1842
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1842
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1842
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201906-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150764
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1842
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150764
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1842
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1842
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-150764 // JVNDB: JVNDB-2019-005275 // CNNVD: CNNVD-201906-163 // NVD: CVE-2019-1842 // NVD: CVE-2019-1842

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.9
problemtype:	CWE-287	Trust: 1.1

sources: VULHUB: VHN-150764 // JVNDB: JVNDB-2019-005275 // NVD: CVE-2019-1842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-163

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005275

PATCH

title:	cisco-sa-20190605-iosxr-ssh	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-ssh	Trust: 0.8
title:	Cisco IOS XR Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93255	Trust: 0.6

sources: JVNDB: JVNDB-2019-005275 // CNNVD: CNNVD-201906-163

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1842	Trust: 2.8
db:	BID	id:	108687	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-005275	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-163	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2024	Trust: 0.6
db:	VULHUB	id:	VHN-150764	Trust: 0.1

sources: VULHUB: VHN-150764 // BID: 108687 // JVNDB: JVNDB-2019-005275 // CNNVD: CNNVD-201906-163 // NVD: CVE-2019-1842

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190605-iosxr-ssh	Trust: 2.6
url:	http://www.securityfocus.com/bid/108687	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1842	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1842	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-information-disclosure-via-ssh-double-authentication-29476	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2024/	Trust: 0.6

sources: VULHUB: VHN-150764 // BID: 108687 // JVNDB: JVNDB-2019-005275 // CNNVD: CNNVD-201906-163 // NVD: CVE-2019-1842

CREDITS

Adam Haleen of Cellcom Wireless

Trust: 0.9

sources: BID: 108687 // CNNVD: CNNVD-201906-163

SOURCES

db:	VULHUB	id:	VHN-150764
db:	BID	id:	108687
db:	JVNDB	id:	JVNDB-2019-005275
db:	CNNVD	id:	CNNVD-201906-163
db:	NVD	id:	CVE-2019-1842

LAST UPDATE DATE

2024-08-14T15:38:52.756000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150764	date:	2020-10-16T00:00:00
db:	BID	id:	108687	date:	2019-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-005275	date:	2019-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201906-163	date:	2020-10-19T00:00:00
db:	NVD	id:	CVE-2019-1842	date:	2020-10-16T15:41:44.930

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150764	date:	2019-06-05T00:00:00
db:	BID	id:	108687	date:	2019-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-005275	date:	2019-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201906-163	date:	2019-06-05T00:00:00
db:	NVD	id:	CVE-2019-1842	date:	2019-06-05T17:29:00.430