ID

VAR-201909-0171


CVE

CVE-2019-12660


TITLE

Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010193

DESCRIPTION

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device, causing it to be non-secure and to function abnormally. Cisco IOS XE Software contains an input validation vulnerability. Information may be tampered with. The vulnerability stems from the fact that the program does not properly authenticate and authorize some commands.

Trust: 1.71

sources: NVD: CVE-2019-12660 // JVNDB: JVNDB-2019-010193 // VULHUB: VHN-144429

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: gte, version: 16.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-010193 // NVD: CVE-2019-12660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12660
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12660
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12660
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1123
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12660
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144429
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12660
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12660
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144429 // JVNDB: JVNDB-2019-010193 // CNNVD: CNNVD-201909-1123 // NVD: CVE-2019-12660 // NVD: CVE-2019-12660

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-144429 // JVNDB: JVNDB-2019-010193 // NVD: CVE-2019-12660

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1123

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1123

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010193

PATCH

title: cisco-sa-20190925-awr, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-awr

Trust: 0.8

title: Cisco IOS XE Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98541

Trust: 0.6

sources: JVNDB: JVNDB-2019-010193 // CNNVD: CNNVD-201909-1123

EXTERNAL IDS

db: NVD, id: CVE-2019-12660

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010193

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1123

Trust: 0.7

db: AUSCERT, id: ESB-2019.3615.2

Trust: 0.6

db: AUSCERT, id: ESB-2019.3615

Trust: 0.6

db: VULHUB, id: VHN-144429

Trust: 0.1

sources: VULHUB: VHN-144429 // JVNDB: JVNDB-2019-010193 // CNNVD: CNNVD-201909-1123 // NVD: CVE-2019-12660

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-awr

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12660

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12660

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-webui-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman-cmd-injection

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-utd

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ctspac-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-rawtcp-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-dt

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-sip-alg

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-isdn-data-leak

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iox-gs

Trust: 0.6

url:httpserv-dos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-fsdos

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-ftp

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-digsig-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-ctbypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-iosxe-codeexec

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3615/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-asic-register-write-30417

Trust: 0.6

sources: VULHUB: VHN-144429 // JVNDB: JVNDB-2019-010193 // CNNVD: CNNVD-201909-1123 // NVD: CVE-2019-12660

SOURCES

db: VULHUB, id: VHN-144429
db: JVNDB, id: JVNDB-2019-010193
db: CNNVD, id: CNNVD-201909-1123
db: NVD, id: CVE-2019-12660

LAST UPDATE DATE

2024-11-23T21:36:54.560000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144429, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2019-010193, date: 2019-10-08T00:00:00
db: CNNVD, id: CNNVD-201909-1123, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-12660, date: 2024-11-21T04:23:17.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144429, date: 2019-09-25T00:00:00
db: JVNDB, id: JVNDB-2019-010193, date: 2019-10-08T00:00:00
db: CNNVD, id: CNNVD-201909-1123, date: 2019-09-25T00:00:00
db: NVD, id: CVE-2019-12660, date: 2019-09-25T21:15:11.077