Lucene search

CiscoCVE-2019-1755

HistoryMar 28, 2019 - 1:29 a.m.

CVE-2019-1755

2019-03-2801:29:00

CWE-20

cisco

web.nvd.nist.gov

cisco

ios xe

software

vulnerability

remote code execution

cve-2019-1755

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.

Affected configurations

Nvd

Vulners

Node

ciscoios_xeMatch3.2.0ja

ciscoios_xeMatch3.6.10e

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

ciscoios_xeMatch16.3.4

ciscoios_xeMatch16.3.5

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.4.2

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.1a

ciscoios_xeMatch16.5.1b

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.1a

ciscoios_xeMatch16.7.1b

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

VendorProductVersionCPE
ciscoios_xe3.2.0jacpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*
ciscoios_xe3.6.10ecpe:2.3:o:cisco:ios_xe:3.6.10e:*:*:*:*:*:*:*
ciscoios_xe16.1.1cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
ciscoios_xe16.1.2cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
ciscoios_xe16.1.3cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
ciscoios_xe16.2.1cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
ciscoios_xe16.2.2cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
ciscoios_xe16.3.1acpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
ciscoios_xe16.3.2cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.2.0ja	cpe:2.3:o:cisco:ios_xe:3.2.0ja:::::::*
cisco	ios_xe	3.6.10e	cpe:2.3:o:cisco:ios_xe:3.6.10e:::::::*
cisco	ios_xe	16.1.1	cpe:2.3:o:cisco:ios_xe:16.1.1:::::::*
cisco	ios_xe	16.1.2	cpe:2.3:o:cisco:ios_xe:16.1.2:::::::*
cisco	ios_xe	16.1.3	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
cisco	ios_xe	16.2.1	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
cisco	ios_xe	16.2.2	cpe:2.3:o:cisco:ios_xe:16.2.2:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
cisco	ios_xe	16.3.1a	cpe:2.3:o:cisco:ios_xe:16.3.1a:::::::*
cisco	ios_xe	16.3.2	cpe:2.3:o:cisco:ios_xe:16.3.2:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "3.6.10E"
      },
      {
        "status": "affected",
        "version": "16.1.1"
      },
      {
        "status": "affected",
        "version": "16.1.2"
      },
      {
        "status": "affected",
        "version": "16.1.3"
      },
      {
        "status": "affected",
        "version": "3.2.0JA"
      },
      {
        "status": "affected",
        "version": "16.2.1"
      },
      {
        "status": "affected",
        "version": "16.2.2"
      },
      {
        "status": "affected",
        "version": "16.3.1"
      },
      {
        "status": "affected",
        "version": "16.3.2"
      },
      {
        "status": "affected",
        "version": "16.3.3"
      },
      {
        "status": "affected",
        "version": "16.3.1a"
      },
      {
        "status": "affected",
        "version": "16.3.4"
      },
      {
        "status": "affected",
        "version": "16.3.5"
      },
      {
        "status": "affected",
        "version": "16.3.5b"
      },
      {
        "status": "affected",
        "version": "16.3.6"
      },
      {
        "status": "affected",
        "version": "16.3.7"
      },
      {
        "status": "affected",
        "version": "16.3.8"
      },
      {
        "status": "affected",
        "version": "16.4.1"
      },
      {
        "status": "affected",
        "version": "16.4.2"
      },
      {
        "status": "affected",
        "version": "16.4.3"
      },
      {
        "status": "affected",
        "version": "16.5.1"
      },
      {
        "status": "affected",
        "version": "16.5.1a"
      },
      {
        "status": "affected",
        "version": "16.5.1b"
      },
      {
        "status": "affected",
        "version": "16.5.2"
      },
      {
        "status": "affected",
        "version": "16.5.3"
      },
      {
        "status": "affected",
        "version": "16.6.1"
      },
      {
        "status": "affected",
        "version": "16.6.2"
      },
      {
        "status": "affected",
        "version": "16.6.3"
      },
      {
        "status": "affected",
        "version": "16.7.1"
      },
      {
        "status": "affected",
        "version": "16.7.1a"
      },
      {
        "status": "affected",
        "version": "16.7.1b"
      },
      {
        "status": "affected",
        "version": "16.8.1"
      },
      {
        "status": "affected",
        "version": "16.8.1a"
      },
      {
        "status": "affected",
        "version": "16.8.1b"
      },
      {
        "status": "affected",
        "version": "16.8.1s"
      },
      {
        "status": "affected",
        "version": "16.8.1c"
      },
      {
        "status": "affected",
        "version": "16.8.1d"
      },
      {
        "status": "affected",
        "version": "16.8.1e"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107380

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

Related for CVE-2019-1755