ID

VAR-201909-0158


CVE

CVE-2019-12649


TITLE

Cisco IOS XE Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-010176

DESCRIPTION

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. Cisco IOS XE The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Catalyst 3850 Series Switches and Cisco Catalyst 9300 Series Switches are both Cisco products. Cisco Catalyst 3850 Series Switches is a 3850 series switch. Cisco Catalyst 9300 Series Switches is a 9300 series switch. IOS XE is a set of operating systems developed for its network equipment

Trust: 2.25

sources: NVD: CVE-2019-12649 // JVNDB: JVNDB-2019-010176 // CNVD: CNVD-2019-34372 // VULHUB: VHN-144416

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34372

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8\(1\)

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:catalyst series switchesscope:eqversion:3850

Trust: 0.6

vendor:ciscomodel:catalyst series switchesscope:eqversion:9300

Trust: 0.6

vendor:ciscomodel:catalyst 3850-12xs-sscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-12xs-escope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-24p-escope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-16xs-escope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-24p-sscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-12s-sscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-12s-escope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-16xs-sscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:catalyst 3850-24p-lscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:16.81

Trust: 0.6

sources: CNVD: CNVD-2019-34372 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12649
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12649
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12649
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-34372
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-1126
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144416
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12649
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-34372
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144416
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12649
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12649
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649 // NVD: CVE-2019-12649

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // NVD: CVE-2019-12649

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010176

PATCH

title:cisco-sa-20190925-iosxe-digsig-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass

Trust: 0.8

title:Patch for Cisco Catalyst 3850 Series Switches and 9300 Series Switches IOS XE Data Forgery Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/183825

Trust: 0.6

title:Cisco IOS and IOS XE Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98544

Trust: 0.6

sources: CNVD: CNVD-2019-34372 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126

EXTERNAL IDS

db:NVDid:CVE-2019-12649

Trust: 3.1

db:JVNDBid:JVNDB-2019-010176

Trust: 0.8

db:CNNVDid:CNNVD-201909-1126

Trust: 0.7

db:CNVDid:CNVD-2019-34372

Trust: 0.6

db:AUSCERTid:ESB-2019.3615.2

Trust: 0.6

db:AUSCERTid:ESB-2019.3615

Trust: 0.6

db:VULHUBid:VHN-144416

Trust: 0.1

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12649

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12649

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs

Trust: 0.6

url:httpserv-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-digital-signature-verification-bypass-30431

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615/

Trust: 0.6

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

CREDITS

ASIG – XB of Cisco during internal security testing

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

SOURCES

db:CNVDid:CNVD-2019-34372
db:VULHUBid:VHN-144416
db:JVNDBid:JVNDB-2019-010176
db:CNNVDid:CNNVD-201909-1126
db:NVDid:CVE-2019-12649

LAST UPDATE DATE

2024-11-23T21:36:54.373000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-34372date:2019-10-10T00:00:00
db:VULHUBid:VHN-144416date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010176date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1126date:2019-10-17T00:00:00
db:NVDid:CVE-2019-12649date:2024-11-21T04:23:15.607

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-34372date:2019-10-10T00:00:00
db:VULHUBid:VHN-144416date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-010176date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1126date:2019-09-25T00:00:00
db:NVDid:CVE-2019-12649date:2019-09-25T20:15:10.557