Details of VAR-201909-0158

ID

VAR-201909-0158

CVE

CVE-2019-12649

TITLE

Cisco IOS XE Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-010176

DESCRIPTION

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. Cisco IOS XE The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Catalyst 3850 Series Switches and Cisco Catalyst 9300 Series Switches are both Cisco products. Cisco Catalyst 3850 Series Switches is a 3850 series switch. Cisco Catalyst 9300 Series Switches is a 9300 series switch. IOS XE is a set of operating systems developed for its network equipment

Trust: 2.25

sources: NVD: CVE-2019-12649 // JVNDB: JVNDB-2019-010176 // CNVD: CNVD-2019-34372 // VULHUB: VHN-144416

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-34372

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8\(1\)	Trust: 1.0
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	3850	Trust: 0.6
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-12xs-s	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-12xs-e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-24p-e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-16xs-e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-24p-s	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-12s-s	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-12s-e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-16xs-s	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	catalyst 3850-24p-l	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.81	Trust: 0.6

sources: CNVD: CNVD-2019-34372 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12649
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12649
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-12649
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-34372
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-1126
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-144416
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12649
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-34372
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144416
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12649
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12649
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649 // NVD: CVE-2019-12649

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // NVD: CVE-2019-12649

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010176

PATCH

title:	cisco-sa-20190925-iosxe-digsig-bypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass	Trust: 0.8
title:	Patch for Cisco Catalyst 3850 Series Switches and 9300 Series Switches IOS XE Data Forgery Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/183825	Trust: 0.6
title:	Cisco IOS and IOS XE Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98544	Trust: 0.6

sources: CNVD: CNVD-2019-34372 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12649	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-010176	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-1126	Trust: 0.7
db:	CNVD	id:	CNVD-2019-34372	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3615.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3615	Trust: 0.6
db:	VULHUB	id:	VHN-144416	Trust: 0.1

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12649	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12649	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs	Trust: 0.6
url:	httpserv-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3615.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-digital-signature-verification-bypass-30431	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3615/	Trust: 0.6

sources: CNVD: CNVD-2019-34372 // VULHUB: VHN-144416 // JVNDB: JVNDB-2019-010176 // CNNVD: CNNVD-201909-1126 // NVD: CVE-2019-12649

CREDITS

ASIG – XB of Cisco during internal security testing

Trust: 0.6

sources: CNNVD: CNNVD-201909-1126

SOURCES

db:	CNVD	id:	CNVD-2019-34372
db:	VULHUB	id:	VHN-144416
db:	JVNDB	id:	JVNDB-2019-010176
db:	CNNVD	id:	CNNVD-201909-1126
db:	NVD	id:	CVE-2019-12649

LAST UPDATE DATE

2024-08-14T13:25:56.532000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-34372	date:	2019-10-10T00:00:00
db:	VULHUB	id:	VHN-144416	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010176	date:	2019-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201909-1126	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-12649	date:	2019-10-09T23:45:57.480

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-34372	date:	2019-10-10T00:00:00
db:	VULHUB	id:	VHN-144416	date:	2019-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-010176	date:	2019-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201909-1126	date:	2019-09-25T00:00:00
db:	NVD	id:	CVE-2019-12649	date:	2019-09-25T20:15:10.557