Lucene search
HistoryMar 28, 2019 - 1:29 a.m.
CVE-2019-1757
cve-2019-1757
cisco
smart call home
ios
ios xe
vulnerability
certificate validation
man-in-the-middle
nvd
data access
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.7%
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
Affected configurations
Node
ciscoiosMatch2.3
ORciscoiosMatch12.2\(6\)i1
ORciscoiosMatch12.4\(25e\)jap1m
ORciscoiosMatch12.4\(25e\)jap2
ORciscoiosMatch12.4\(25e\)jap26
ORciscoiosMatch12.4\(25e\)jaz1
ORciscoiosMatch15.1\(2\)sg8a
ORciscoiosMatch15.1\(3\)svg3d
ORciscoiosMatch15.1\(3\)svi1b
ORciscoiosMatch15.1\(3\)svm3
ORciscoiosMatch15.1\(3\)svn2
ORciscoiosMatch15.1\(3\)svo1
ORciscoiosMatch15.1\(3\)svo2
ORciscoiosMatch15.1\(3\)svp1
ORciscoiosMatch15.1\(4\)m12c
ORciscoiosMatch15.2\(2\)e4
ORciscoiosMatch15.2\(2\)e5
ORciscoiosMatch15.2\(2\)e5a
ORciscoiosMatch15.2\(2\)e5b
ORciscoiosMatch15.2\(2\)e6
ORciscoiosMatch15.2\(2\)e7
ORciscoiosMatch15.2\(2\)e7b
ORciscoiosMatch15.2\(2\)e8
ORciscoiosMatch15.2\(3\)e4
ORciscoiosMatch15.2\(3\)e5
ORciscoiosMatch15.2\(3\)ea1
ORciscoiosMatch15.2\(4\)e2
ORciscoiosMatch15.2\(4\)e3
ORciscoiosMatch15.2\(4\)e4
ORciscoiosMatch15.2\(4\)e5
ORciscoiosMatch15.2\(4\)e5a
ORciscoiosMatch15.2\(4\)e6
ORciscoiosMatch15.2\(4\)ea8
ORciscoiosMatch15.2\(4\)ea9
ORciscoiosMatch15.2\(4\)jaz1
ORciscoiosMatch15.2\(4\)jn1
ORciscoiosMatch15.2\(4a\)ea5
ORciscoiosMatch15.2\(4m\)e2
ORciscoiosMatch15.2\(4m\)e3
ORciscoiosMatch15.2\(4n\)e2
ORciscoiosMatch15.2\(4o\)e2
ORciscoiosMatch15.2\(4o\)e3
ORciscoiosMatch15.2\(4p\)e1
ORciscoiosMatch15.2\(4q\)e1
ORciscoiosMatch15.2\(4s\)e1
ORciscoiosMatch15.2\(4s\)e2
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(5\)e2
ORciscoiosMatch15.2\(5\)e2b
ORciscoiosMatch15.2\(5\)e2c
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(5\)ex
ORciscoiosMatch15.2\(5a\)e
ORciscoiosMatch15.2\(5a\)e1
ORciscoiosMatch15.2\(5b\)e
ORciscoiosMatch15.2\(5c\)e
ORciscoiosMatch15.2\(6\)e
ORciscoiosMatch15.2\(6\)e0a
ORciscoiosMatch15.2\(6\)e0c
ORciscoiosMatch15.2\(6\)e1
ORciscoiosMatch15.2\(6\)e1a
ORciscoiosMatch15.2\(6\)e1s
ORciscoiosMatch15.3\(3\)ja1n
ORciscoiosMatch15.3\(3\)jd15
ORciscoiosMatch15.3\(3\)jda15
ORciscoiosMatch15.3\(3\)jf35
ORciscoiosMatch15.3\(3\)ji
ORciscoiosMatch15.3\(3\)ji2
ORciscoiosMatch15.3\(3\)jn1
ORciscoiosMatch15.3\(3\)jn2
ORciscoiosMatch15.5\(3\)s1
ORciscoiosMatch15.5\(3\)s1a
ORciscoiosMatch15.5\(3\)s2
ORciscoiosMatch15.5\(3\)s3
ORciscoiosMatch15.5\(3\)s4
ORciscoiosMatch15.5\(3\)s5
ORciscoiosMatch15.5\(3\)s6
ORciscoiosMatch15.5\(3\)s6a
ORciscoiosMatch15.5\(3\)s6b
ORciscoiosMatch15.5\(3\)s7
ORciscoiosMatch15.6\(1\)s
ORciscoiosMatch15.6\(1\)s1
ORciscoiosMatch15.6\(1\)s2
ORciscoiosMatch15.6\(1\)s3
ORciscoiosMatch15.6\(1\)s4
ORciscoiosMatch15.6\(1\)sn
ORciscoiosMatch15.6\(1\)sn1
ORciscoiosMatch15.6\(1\)sn2
ORciscoiosMatch15.6\(1\)sn3
ORciscoiosMatch15.6\(1\)t
ORciscoiosMatch15.6\(1\)t0a
ORciscoiosMatch15.6\(1\)t1
ORciscoiosMatch15.6\(1\)t2
ORciscoiosMatch15.6\(1\)t3
ORciscoiosMatch15.6\(2\)s
ORciscoiosMatch15.6\(2\)s1
ORciscoiosMatch15.6\(2\)s2
ORciscoiosMatch15.6\(2\)s3
ORciscoiosMatch15.6\(2\)s4
ORciscoiosMatch15.6\(2\)sn
ORciscoiosMatch15.6\(2\)sp
ORciscoiosMatch15.6\(2\)sp1
ORciscoiosMatch15.6\(2\)sp2
ORciscoiosMatch15.6\(2\)sp3
ORciscoiosMatch15.6\(2\)sp3b
ORciscoiosMatch15.6\(2\)sp4
ORciscoiosMatch15.6\(2\)t
ORciscoiosMatch15.6\(2\)t0a
ORciscoiosMatch15.6\(2\)t1
ORciscoiosMatch15.6\(2\)t2
ORciscoiosMatch15.6\(2\)t3
ORciscoiosMatch15.6\(3\)m
ORciscoiosMatch15.6\(3\)m0a
ORciscoiosMatch15.6\(3\)m1
ORciscoiosMatch15.6\(3\)m1a
ORciscoiosMatch15.6\(3\)m1b
ORciscoiosMatch15.6\(3\)m2
ORciscoiosMatch15.6\(3\)m2a
ORciscoiosMatch15.6\(3\)m3
ORciscoiosMatch15.6\(3\)m3a
ORciscoiosMatch15.6\(3\)m4
ORciscoiosMatch15.6\(3\)sn
ORciscoiosMatch15.6\(4\)sn
ORciscoiosMatch15.6\(5\)sn
ORciscoiosMatch15.6\(6\)sn
ORciscoiosMatch15.6\(7\)sn
ORciscoiosMatch15.7\(3\)m
ORciscoiosMatch15.7\(3\)m0a
ORciscoiosMatch15.7\(3\)m1
ORciscoiosMatch15.7\(3\)m2
ORciscoios_xeMatch3.6.4e
ORciscoios_xeMatch3.6.5ae
ORciscoios_xeMatch3.6.5be
ORciscoios_xeMatch3.6.5e
ORciscoios_xeMatch3.6.6e
ORciscoios_xeMatch3.6.7ae
ORciscoios_xeMatch3.6.7be
ORciscoios_xeMatch3.6.7e
ORciscoios_xeMatch3.6.8e
ORciscoios_xeMatch3.7.4e
ORciscoios_xeMatch3.7.5e
ORciscoios_xeMatch3.8.2e
ORciscoios_xeMatch3.8.3e
ORciscoios_xeMatch3.8.4e
ORciscoios_xeMatch3.8.5ae
ORciscoios_xeMatch3.8.5e
ORciscoios_xeMatch3.8.6e
ORciscoios_xeMatch3.9.0e
ORciscoios_xeMatch3.9.1e
ORciscoios_xeMatch3.9.2be
ORciscoios_xeMatch3.9.2e
ORciscoios_xeMatch3.10.0ce
ORciscoios_xeMatch3.10.0e
ORciscoios_xeMatch3.10.1ae
ORciscoios_xeMatch3.10.1e
ORciscoios_xeMatch3.10.1se
ORciscoios_xeMatch3.16.1as
ORciscoios_xeMatch3.16.1s
ORciscoios_xeMatch3.16.2as
ORciscoios_xeMatch3.16.2bs
ORciscoios_xeMatch3.16.2s
ORciscoios_xeMatch3.16.3as
ORciscoios_xeMatch3.16.3s
ORciscoios_xeMatch3.16.4as
ORciscoios_xeMatch3.16.4bs
ORciscoios_xeMatch3.16.4cs
ORciscoios_xeMatch3.16.4ds
ORciscoios_xeMatch3.16.4es
ORciscoios_xeMatch3.16.4gs
ORciscoios_xeMatch3.16.4s
ORciscoios_xeMatch3.16.5as
ORciscoios_xeMatch3.16.5bs
ORciscoios_xeMatch3.16.5s
ORciscoios_xeMatch3.16.6bs
ORciscoios_xeMatch3.16.6s
ORciscoios_xeMatch3.16.7as
ORciscoios_xeMatch3.16.7bs
ORciscoios_xeMatch3.16.7s
ORciscoios_xeMatch3.17.0s
ORciscoios_xeMatch3.17.1as
ORciscoios_xeMatch3.17.1s
ORciscoios_xeMatch3.17.3s
ORciscoios_xeMatch3.17.4s
ORciscoios_xeMatch3.18.0as
ORciscoios_xeMatch3.18.0s
ORciscoios_xeMatch3.18.0sp
ORciscoios_xeMatch3.18.1asp
ORciscoios_xeMatch3.18.1bsp
ORciscoios_xeMatch3.18.1csp
ORciscoios_xeMatch3.18.1gsp
ORciscoios_xeMatch3.18.1hsp
ORciscoios_xeMatch3.18.1isp
ORciscoios_xeMatch3.18.1s
ORciscoios_xeMatch3.18.1sp
ORciscoios_xeMatch3.18.2asp
ORciscoios_xeMatch3.18.2s
ORciscoios_xeMatch3.18.2sp
ORciscoios_xeMatch3.18.3asp
ORciscoios_xeMatch3.18.3bsp
ORciscoios_xeMatch3.18.3s
ORciscoios_xeMatch3.18.3sp
ORciscoios_xeMatch3.18.4s
ORciscoios_xeMatch3.18.4sp
ORciscoios_xeMatch16.2.1
ORciscoios_xeMatch16.2.2
ORciscoios_xeMatch16.3.1
ORciscoios_xeMatch16.3.1a
ORciscoios_xeMatch16.3.2
ORciscoios_xeMatch16.3.3
ORciscoios_xeMatch16.3.4
ORciscoios_xeMatch16.3.5
ORciscoios_xeMatch16.3.5b
ORciscoios_xeMatch16.3.6
ORciscoios_xeMatch16.4.1
ORciscoios_xeMatch16.4.2
ORciscoios_xeMatch16.4.3
ORciscoios_xeMatch16.5.1
ORciscoios_xeMatch16.5.1a
ORciscoios_xeMatch16.5.1b
ORciscoios_xeMatch16.5.2
ORciscoios_xeMatch16.5.3
ORciscoios_xeMatch16.6.1
ORciscoios_xeMatch16.6.2
ORciscoios_xeMatch16.6.3
ORciscoios_xeMatch16.7.1
ORciscoios_xeMatch16.7.1a
ORciscoios_xeMatch16.7.1b
ORciscoios_xeMatch16.7.2
ORciscoios_xeMatch16.8.1
ORciscoios_xeMatch16.8.1a
ORciscoios_xeMatch16.8.1b
ORciscoios_xeMatch16.8.1c
ORciscoios_xeMatch16.8.1d
ORciscoios_xeMatch16.8.1s
ORciscoios_xeMatch16.8.2
ORciscoios_xeMatch16.9.1b
ORciscoios_xeMatch16.9.1c
ORciscoios_xeMatch16.9.1s
CNA Affected
[
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.1c"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.1aE"
},
{
"status": "affected",
"version": "3.10.1sE"
}
]
}
]References
Social References
More
Related
prion
prion
Design/Logic Flaw
2019-03-28 01:29:00
cvelist
cvelist
nvd
nvd
CVE-2019-1757
2019-03-28 01:29:00
cisco
cisco
nessus
nessus
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.7%
Related for CVE-2019-1757